19,281 research outputs found
Using smartphones as a proxy for forensic evidence contained in cloud storage services
Cloud storage services such as Dropbox, Box and SugarSync have been embraced by both individuals and organizations. This creates an environment that is potentially conducive to security breaches and malicious activities. The investigation of these cloud environments presents new challenges for the digital forensics community.
It is anticipated that smartphone devices will retain data from these storage services. Hence, this research presents a preliminary investigation into the residual artifacts created on an iOS and Android device that has accessed a cloud storage service. The contribution of this paper is twofold. First, it provides an initial assessment on the extent to which cloud storage data is stored on these client-side devices. This view acts as a proxy for data stored in the cloud. Secondly, it provides documentation on the artifacts that could be useful in a digital forensics investigation of cloud services
Conceptual evidence collection and analysis methodology for Android devices
Android devices continue to grow in popularity and capability meaning the
need for a forensically sound evidence collection methodology for these devices
also increases. This chapter proposes a methodology for evidence collection and
analysis for Android devices that is, as far as practical, device agnostic.
Android devices may contain a significant amount of evidential data that could
be essential to a forensic practitioner in their investigations. However, the
retrieval of this data requires that the practitioner understand and utilize
techniques to analyze information collected from the device. The major
contribution of this research is an in-depth evidence collection and analysis
methodology for forensic practitioners.Comment: in Cloud Security Ecosystem (Syngress, an Imprint of Elsevier), 201
A Forensically Sound Adversary Model for Mobile Devices
In this paper, we propose an adversary model to facilitate forensic
investigations of mobile devices (e.g. Android, iOS and Windows smartphones)
that can be readily adapted to the latest mobile device technologies. This is
essential given the ongoing and rapidly changing nature of mobile device
technologies. An integral principle and significant constraint upon forensic
practitioners is that of forensic soundness. Our adversary model specifically
considers and integrates the constraints of forensic soundness on the
adversary, in our case, a forensic practitioner. One construction of the
adversary model is an evidence collection and analysis methodology for Android
devices. Using the methodology with six popular cloud apps, we were successful
in extracting various information of forensic interest in both the external and
internal storage of the mobile device
Calm before the storm: the challenges of cloud computing in digital forensics
Cloud computing is a rapidly evolving information technology (IT) phenomenon. Rather than procure, deploy and manage a physical IT infrastructure to host their software applications, organizations are increasingly deploying their infrastructure into remote, virtualized environments, often hosted and managed by third parties. This development has significant implications for digital forensic investigators, equipment vendors, law enforcement, as well as corporate compliance and audit departments (among others). Much of digital forensic practice assumes careful control and management of IT assets (particularly data storage) during the conduct of an investigation. This paper summarises the key aspects of cloud computing and analyses how established digital forensic procedures will be invalidated in this new environment. Several new research challenges addressing this changing context are also identified and discussed
Forensic Analysis of the ChatSecure Instant Messaging Application on Android Smartphones
We present the forensic analysis of the artifacts generated on Android
smartphones by ChatSecure, a secure Instant Messaging application that provides
strong encryption for transmitted and locally-stored data to ensure the privacy
of its users.
We show that ChatSecure stores local copies of both exchanged messages and
files into two distinct, AES-256 encrypted databases, and we devise a technique
able to decrypt them when the secret passphrase, chosen by the user as the
initial step of the encryption process, is known.
Furthermore, we show how this passphrase can be identified and extracted from
the volatile memory of the device, where it persists for the entire execution
of ChatSecure after having been entered by the user, thus allowing one to carry
out decryption even if the passphrase is not revealed by the user.
Finally, we discuss how to analyze and correlate the data stored in the
databases used by ChatSecure to identify the IM accounts used by the user and
his/her buddies to communicate, as well as to reconstruct the chronology and
contents of the messages and files that have been exchanged among them.
For our study we devise and use an experimental methodology, based on the use
of emulated devices, that provides a very high degree of reproducibility of the
results, and we validate the results it yields against those obtained from real
smartphones
Recovering Residual Forensic Data from Smartphone Interactions with Cloud Storage Providers
There is a growing demand for cloud storage services such as Dropbox, Box,
Syncplicity and SugarSync. These public cloud storage services can store
gigabytes of corporate and personal data in remote data centres around the
world, which can then be synchronized to multiple devices. This creates an
environment which is potentially conducive to security incidents, data breaches
and other malicious activities. The forensic investigation of public cloud
environments presents a number of new challenges for the digital forensics
community. However, it is anticipated that end-devices such as smartphones,
will retain data from these cloud storage services. This research investigates
how forensic tools that are currently available to practitioners can be used to
provide a practical solution for the problems related to investigating cloud
storage environments. The research contribution is threefold. First, the
findings from this research support the idea that end-devices which have been
used to access cloud storage services can be used to provide a partial view of
the evidence stored in the cloud service. Second, the research provides a
comparison of the number of files which can be recovered from different
versions of cloud storage applications. In doing so, it also supports the idea
that amalgamating the files recovered from more than one device can result in
the recovery of a more complete dataset. Third, the chapter contributes to the
documentation and evidentiary discussion of the artefacts created from specific
cloud storage applications and different versions of these applications on iOS
and Android smartphones
- …