87 research outputs found

    A forensic acquisition and analysis system for IaaS

    Cloud computing is a promising next-generation computing paradigm that offers significant economic benefits to both commercial and public entities. Furthermore, cloud computing provides accessibility, simplicity, and portability for its customers. Due to the unique combination of characteristics that cloud computing introduces (including on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service), digital investigations face various technical, legal, and organizational challenges to keep up with current developments in the field of cloud computing. There are a wide variety of issues that need to be resolved in order to perform a proper digital investigation in the cloud environment. This paper examines the challenges in cloud forensics that are identified in the current research literature, alongside exploring the existing proposals and technical solutions addressed in the respective research. The open problems that need further effort are highlighted. As a result of the analysis of literature, it is found that it would be difficult, if not impossible, to perform an investigation and discovery in the cloud environment without relying on cloud service providers (CSPs). Therefore, dependence on the CSPs is ranked as the greatest challenge when investigators need to acquire evidence in a timely yet forensically sound manner from cloud systems. Thus, a fully independent model that requires no intervention or cooperation from the cloud provider is proposed. This model provides a different approach to a forensic acquisition and analysis system (FAAS) in an Infrastructure as a Service model. FAAS seeks to provide a richer and more complete set of admissible evidence than what current CSPs provide, with no requirement for CSP involvement or modification to the CSP’s underlying architecture.

    Forensic imaging and analysis of Apple iOS devices

    In this thesis we present our research on digital forensics on the iOS platform, structured along three areas: forensic imaging; forensic analysis; and anti-forensic techniques. In the field of forensic imaging, we demonstrate that the iPad can control external storage devices attached via USB, using Apple's Camera Connection Kit adapters. This results in a 30x speed boost compared to the traditional Wi-Fi transfer. In terms of forensic analysis, we found that printing documents wirelessly via AirPrint leaves a trace in the device that, when recovered, reveals the full contents of the documents that have been printed. Finally, in terms of anti-forensics, we created a proof-of-concept tool that disables a number of system services used by forensic tools to retrieve data. The tool also applies other hardening measures aimed at preventing the abuse of the services that remain activated.
    Information and network technologies

    Digital Forensics Investigation Frameworks for Cloud Computing and Internet of Things

    Rapid growth in Cloud computing and Internet of Things (IoT) introduces new vulnerabilities that can be exploited to mount cyber-attacks. Digital forensics investigation is commonly used to find the culprit and help expose the vulnerabilities. Traditional digital forensics tools and methods are unsuitable for use in these technologies. Therefore, new digital forensics investigation frameworks and methodologies are required. This research develops frameworks and methods for digital forensics investigations in cloud and IoT platforms

    CloudMe forensics : a case of big-data investigation

    The significant increase in the volume, variety and velocity of data complicates cloud forensic efforts, as such big data will, at some point, become computationally expensive to be fully extracted and analyzed in a timely manner. Thus, it is important for a digital forensic practitioner to have a well-rounded knowledge about the most relevant data artefacts that could be forensically recovered from the cloud product under investigation. In this paper, CloudMe, a popular cloud storage service, is studied. The types and locations of the artefacts relating to the installation and uninstallation of the client application, logging in and out, and file synchronization events from the computer desktop and mobile clients are described. Findings from this research will pave the way towards the development of tools and techniques (e.g. data mining techniques) for cloud-enabled big data endpoint forensics investigation

    LIVE FORENSICS ANALYSIS OF SATA SSDs WITH THE TRIM FUNCTION USING THE NATIONAL INSTITUTE OF JUSTICE (NIJ) METHOD

    The increasingly rapid development of technology has been accompanied by a rise in computer crime. According to the Indonesian National Police, between April 2020 and July 2021 the agency received reports of 937 cases. Digital forensics is a branch of science that investigates digital evidence in order to collect, recover, and analyze that evidence. One of the techniques used to uncover such computer crime is live forensics. Recovering data while handling a computer crime case when the computer system is powered on is an application of the live method. This research uses a commonly used method, the National Institute of Justice (NIJ) method. The National Institute of Justice (NIJ) method is used to describe the stages of the research so that the research flow can be completed systematically and can serve as a guideline for solving the problems at hand. The aim of this research is to determine the stages of examination and analysis on an SSD that has the TRIM function. Despite all the benefits and advantages of the Solid State Drive (SSD), the SSD of course has limitations. The result of the research and analysis using the Autopsy and Testdisk software is that all files were recovered perfectly, with an accuracy percentage of 90%. Keywords: Forensic, Solid State Drive, Information Security

    Implications of Cloud Computing on Digital Forensics

    Cloud computing is a paradigm for computing services that are delivered to users over the Internet. In cloud computing, users rent rather than buy their computing resources. Cloud computing likely represents the next stage in the evolution of the Internet. But the cloud computing paradigm is still developing, with numerous unknowns and many questions open for research. One critical question that has not received much attention is security. A significant subset is digital forensics—that is, (1) the discovery of evidence remaining on a computer after a security breach or attack and (2) the use of that evidence to investigate the event and establish facts for use in legal proceedings. This paper discusses the impact that cloud computing will have on digital forensics. From a forensic perspective, cloud computing raises a number of concerns. Most immediate is whether or not forensic practitioners will be able to analyze the Cloud using existing techniques of digital forensics. During a traditional forensic examination, files on the storage media are examined along with the entire file system structure. But this may not be a practical model for examinations in the Cloud, where the computer is virtual, that is, where numerous heterogeneous resources, often geographically distributed, are combined. Other concerns include protecting evidence against contamination and anticipating the legal issues that will be raised by the Cloud paradigm, with its resources spread over diverse administrative and geopolitical domains. Comprehensive security services to protect not only the Cloud’s resources but also the data that resides on them may need to be instituted. The open literature to date has yet to address any of these challenges. Cloud technologies are predicted to cause a paradigm shift in digital forensic techniques. This paper discusses the application of traditional digital forensic examinations to cloud forensics

    Proposal for a Theoretical Framework in Digital Forensics

    This short paper aims to introduce a theoretical framework in digital forensics based on “Philosophy of Information”. After a preliminary clarification of its key concepts, some general issues concerning “Information Quality” are outlined in digital and cloud forensics. At the end, I offer a few remarks on future researches’ perspectives

    Forensic Discoverability of iOS Vault Applications

    Vault Applications are used to store potentially sensitive information on a smartphone, and are available on Android and iOS. The purpose of using these applications could be to hide potential evidence or illicit photos. After comparing five different iOS photo vaults, each vault left evidence and photos behind. However, of the three forensic toolkits used, each produced different results in their scans of the phone. The media left behind was due to the photo vaults not protecting their information as claimed, and using basic obfuscation techniques in place of security controls. Future research will look at how newer security controls are implemented, and if they are easily discoverable as well