Cloud forensics–Tool development studies & future outlook |
| |
| Institution: | 2. University of Salford, Salford, United Kingdom;3. University of Texas at San Antonio, San Antonio, TX, United States;4. University of South Australia, Adelaide, SA, Australia;1. Sapienza University of Rome, Dipartimento di Informatica, via Salaria 113, Roma, Italy;2. Cybersecurity Research Department, Nokia Bell Labs, Paris, France;3. Università di Padova, Dipartimento di Matematica, via Trieste 63, Padova, Italy;4. IAC-CNR, via dei Taurini, 19, Roma 00185, Italy;5. Roma Tre University, Maths and Physics Department, Roma, Italy;1. Department of Computer Science, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, UPM Serdang, Selangor, Malaysia;2. The School of Computing, Science & Engineering, Newton Building, University of Salford, Salford, Greater Manchester, United Kingdom;3. Department of Information Systems and Cyber Security, University of Texas at San Antonio, USA;4. Information Assurance Research Group, University of South Australia, Adelaide, South Australia, Australia;5. School of Computer Science, China University of Geosciences, Wuhan, China;6. School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China;7. Department of Computer Science, St. Francis Xavier University, Antigonish, NS, Canada |
| |
| Abstract: | In this work, we describe our experiences in developing cloud forensics tools and use them to support three main points:First, we make the argument that cloud forensics is a qualitatively different problem. In the context of SaaS, it is incompatible with long-established acquisition and analysis techniques, and requires a new approach and forensic toolset. We show that client-side techniques, which are an extension of methods used over the last three decades, have inherent limitations that can only be overcome by working directly with the interfaces provided by cloud service providers.Second, we present our results in building forensic tools in the form of three case studies: kumodd–a tool for cloud drive acquisition, kumodocs–a tool for Google Docs acquisition and analysis, and kumofs–a tool for remote preview and screening of cloud drive data. We show that these tools, which work with the public and private APIs of the respective services, provide new capabilities that cannot be achieved by examining client-side artifacts.Finally, we use current IT trends, and our lessons learned, to outline the emerging new forensic landscape, and the most likely course of tool development over the next five years. |
| |
| Keywords: | Cloud forensics SaaS Cloud-native artifacts kumodd kumodocs kumofs Future forensics |
| 本文献已被 ScienceDirect 等数据库收录! |
|
