Cloud forensics–Tool development studies & future outlook
Author: | Shane McCulley, Andres Barreto, Vivek Shanmughan, Vassil Roussev, Irfan Ahmed |
---|---|
Year of publication: | 2016 |
Subject: | business.industry; Computer science; Software as a service; 020206 networking & telecommunications; 020207 software engineering; Context (language use); Cloud computing; 02 engineering and technology; Data science; Computer Science Applications; World Wide Web; Medical Laboratory Technology; Work (electrical); Development studies; Argument; 0202 electrical engineering, electronic engineering, information engineering; Cloud forensics; business; Law |
Source: | Digital Investigation. 18:79-95 |
ISSN: | 1742-2876 |
DOI: | 10.1016/j.diin.2016.05.001 |
Description: | In this work, we describe our experiences in developing cloud forensics tools and use them to support three main points: First, we make the argument that cloud forensics is a qualitatively different problem. In the context of SaaS, it is incompatible with long-established acquisition and analysis techniques, and requires a new approach and forensic toolset. We show that client-side techniques, which are an extension of methods used over the last three decades, have inherent limitations that can only be overcome by working directly with the interfaces provided by cloud service providers. Second, we present our results in building forensic tools in the form of three case studies: kumodd, a tool for cloud drive acquisition; kumodocs, a tool for Google Docs acquisition and analysis; and kumofs, a tool for remote preview and screening of cloud drive data. We show that these tools, which work with the public and private APIs of the respective services, provide new capabilities that cannot be achieved by examining client-side artifacts. Finally, we use current IT trends, and our lessons learned, to outline the emerging new forensic landscape, and the most likely course of tool development over the next five years. |
Database: | OpenAIRE |