4 research outputs found
Recovering Residual Forensic Data from Smartphone Interactions with Cloud Storage Providers
There is a growing demand for cloud storage services such as Dropbox, Box,
Syncplicity and SugarSync. These public cloud storage services can store
gigabytes of corporate and personal data in remote data centres around the
world, which can then be synchronized to multiple devices. This creates an
environment which is potentially conducive to security incidents, data breaches
and other malicious activities. The forensic investigation of public cloud
environments presents a number of new challenges for the digital forensics
community. However, it is anticipated that end-devices such as smartphones,
will retain data from these cloud storage services. This research investigates
how forensic tools that are currently available to practitioners can be used to
provide a practical solution for the problems related to investigating cloud
storage environments. The research contribution is threefold. First, the
findings from this research support the idea that end-devices which have been
used to access cloud storage services can be used to provide a partial view of
the evidence stored in the cloud service. Second, the research provides a
comparison of the number of files which can be recovered from different
versions of cloud storage applications. In doing so, it also supports the idea
that amalgamating the files recovered from more than one device can result in
the recovery of a more complete dataset. Third, the chapter contributes to the
documentation and evidentiary discussion of the artefacts created from specific
cloud storage applications and different versions of these applications on iOS
and Android smartphones
Analysing distributed Internet worm attacks using continuous state-space approximation of process algebra models
AbstractInternet worms are classically described using SIR models and simulations, to capture the massive dynamics of the system. Here we are able to generate a differential equation-based model of infection based solely on the underlying process description of the infection agent model. Thus, rather than craft a differential equation model directly, we derive this representation automatically from a high-level process model expressed in the PEPA process algebra. This extends existing population infection dynamics models of Internet worms by explicitly using frequency-based spread of infection. Three types of worm attack are analysed which are differentiated by the nature of recovery from infection and vulnerability to subsequent attacks.To perform this analysis we make use of continuous state-space approximation, a recent breakthrough in the analysis of massively parallel stochastic process algebra models. Previous explicit state-representation techniques can only analyse systems of order 109 states, whereas continuous state-space approximation can allow analysis of models of 1010000 states and beyond