Cloud Data Imager: A unified answer to remote acquisition of cloud storage areas |
Affiliation: | 1. Department of Computer Science, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, UPM Serdang, Selangor, Malaysia; 2. The School of Computing, Science & Engineering, Newton Building, University of Salford, Salford, Greater Manchester, United Kingdom; 3. Department of Information Systems and Cyber Security, University of Texas at San Antonio, USA; 4. Information Assurance Research Group, University of South Australia, Adelaide, South Australia, Australia; 5. School of Computer Science, China University of Geosciences, Wuhan, China; 6. School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China; 7. Department of Computer Science, St. Francis Xavier University, Antigonish, NS, Canada |
Abstract: | The pervasive availability of cheap cloud computing services for data storage, either as a persistence layer to applications or as a mere object store dedicated to final users, is remarkably increasing the chance that cloud platforms potentially host evidence of criminal activity. Once presented with a proper court order, cloud providers would be in the best position for extracting relevant data from their platforms in the most reliable and complete way. However, this kind of service is not so widespread to date and, therefore, the need to adopt a structured and forensically sound approach calls for innovative weaponry which leverages the data harvesting capabilities offered by the low-level program interfaces exposed by providers. This paper describes the concepts and internals of the Cloud Data Imager Library, a mediation layer that offers read-only access to files and metadata of selected remote folders and currently supports access to Dropbox, Google Drive and Microsoft Skydrive storage facilities. A demo application has been built on top of the library which allows directory browsing, file content view and imaging of folder trees with export to widespread forensic formats. |
Keywords: | Cloud storage; Remote forensic acquisition; Dropbox; Microsoft Skydrive; Google Drive; Cloud computing; Computer forensics; Interoperability; ISO/IEC 27037; Virtual volume |
This article has been indexed by ScienceDirect and other databases. |