Advertisement

A Closer Look at Syncany Windows and Ubuntu Clients’ Residual Artefacts

  • Yee-Yang TeingEmail author
  • Ali Dehghantanha
  • Kim-Kwang Raymond Choo
  • Zaiton Muda
  • Mohd Taufik Abdullah
  • Wee-Chiat Chai
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10067)

Abstract

In this paper, we seek to determine the residual artefacts of forensic value on Windows and Ubuntu client machines of using Syncany private cloud storage service. We demonstrate the types and the locations of the artefacts that can be forensically recovered (e.g. artefacts associated with the installation, uninstallation, log-in, log-off, and file synchronisation actions). Findings from this research contribute to an in-depth understanding of cloud-enabled big data storage forensics related to the collection of big data artefacts from a private cloud storage service, which have real-world implications and impacts (e.g. in criminal investigations and civil litigations). Echoing the observations of Ab Rahman et al. (2006), we reiterated the importance of forensic-by-design in future cloud-enabled big data storage solutions.

Keywords

Cloud forensics Cloud-enabled big data storage forensics Syncany forensics Client forensics Memory forensics 

References

  1. 1.
    Damshenas, M., Dehghantanha, A., Mahmoud, R., bin Shamsuddin, S.: Forensics investigation challenges in cloud computing environments. In: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), pp. 190–194 (2012)Google Scholar
  2. 2.
    Cauthen, J.M.: Executing Search Warrants in the Cloud. https://leb.fbi.gov/2014/october/executing-search-warrants-in-the-cloud
  3. 3.
    Quick, D., Choo, K.-K.R.: Big forensic data reduction: digital forensic images and electronic evidence. Clust. Comput. 19, 1–18 (2016) CrossRefGoogle Scholar
  4. 4.
    Quick, D., Choo, K.-K.R.: Impacts of increasing volume of digital forensic data: A survey and future research challenges. Digit. Investig. 11, 273–294 (2014)CrossRefGoogle Scholar
  5. 5.
    Quick, D., Choo, K.-K.R.: Data reduction and data mining framework for digital forensic evidence: Storage, intelligence, review, and archive. Trends Issues Crime Crim. Justice. 480, 1–11 (2014)Google Scholar
  6. 6.
    Watson, S., Dehghantanha, A.: Digital forensics: the missing piece of the Internet of Things promise. Comput. Fraud Secur. 2016, 5–8 (2016)CrossRefGoogle Scholar
  7. 7.
    Daryabar, F., Dehghantanha, A.: A review on impacts of cloud computing and digital forensics. Int. J. Cyber-Secur. Digit. Forensics IJCSDF. 3, 183–199 (2014)Google Scholar
  8. 8.
    Hooper, C., Martini, B., Choo, K.-K.R.: Cloud computing and its implications for cybercrime investigations in Australia. Comput. Law Secur. Rev. 29, 152–163 (2013)CrossRefGoogle Scholar
  9. 9.
    National Institute of Standards and Technology (NIST): NIST Cloud Computing Forensic Science Challenges (2014). http://safegov.org/media/72648/nist_digital_forensics_draft_8006.pdf
  10. 10.
    Quick, D., Martini, B., Choo, R.: Cloud Storage Forensics. Syngress, Amsterdam (2013)Google Scholar
  11. 11.
    Martini, B., Choo, K.-K.R.: Cloud forensic technical challenges and solutions: a snapshot. IEEE Cloud Comput. 1, 20–25 (2014)CrossRefGoogle Scholar
  12. 12.
    Heckel, P.C.: Syncany explained: idea, progress, development and future (part 1). https://blog.heckel.xyz/2013/10/18/syncany-explained-idea-progress-development-future/
  13. 13.
    Heckel, P.C.: Deep into the code of Syncany - command line client, application flow and data model (part 2). https://blog.heckel.xyz/2014/02/14/deep-into-the-code-of-syncany-cli-application-flow-and-data-model/
  14. 14.
    Syncany: Syncany User Guide. https://syncany.readthedocs.io/en/latest/
  15. 15.
    Quick, D., Choo, K.-K.R.: Dropbox analysis: Data remnants on user machines. Digit. Investig. 10, 3–18 (2013)CrossRefGoogle Scholar
  16. 16.
    Quick, D., Choo, K.-K.R.: Digital droplets: microsoft SkyDrive forensic data remnants. Future Gener. Comput. Syst. 29, 1378–1394 (2013)CrossRefGoogle Scholar
  17. 17.
    Quick, D., Choo, K.-K.R.: Google drive: forensic analysis of data remnants. J. Netw. Comput. Appl. 40, 179–193 (2014)CrossRefGoogle Scholar
  18. 18.
    Mell, P., Grance, T.: The NIST definition of cloud computing (2011)Google Scholar
  19. 19.
    Ruan, K., Carthy, J., Kechadi, T., Baggili, I.: Cloud forensics definitions and critical criteria for cloud forensic capability: an overview of survey results. Digit. Investig. 10, 34–43 (2013)CrossRefGoogle Scholar
  20. 20.
    Ruan, K., Baggili, I., Carthy, J., Kechadi, T.: Survey on cloud forensics and critical criteria for cloud forensic capability: a preliminary analysis. Electr. Comput. Eng. Comput. Sci. Fac. Publ. (2011)Google Scholar
  21. 21.
    Simou, S., Kalloniatis, C., Kavakli, E., Gritzalis, S.: Cloud forensics: identifying the major issues and challenges. In: Jarke, M., Mylopoulos, J., Quix, C., Rolland, C., Manolopoulos, Y., Mouratidis, H., Horkoff, J. (eds.) CAiSE 2014. LNCS, vol. 8484, pp. 271–284. Springer, Heidelberg (2014). doi: 10.1007/978-3-319-07881-6_19 Google Scholar
  22. 22.
    Pichan, A., Lazarescu, M., Soh, S.T.: Cloud forensics: technical challenges, solutions and comparative analysis. Digit. Investig. 13, 38–57 (2015)CrossRefGoogle Scholar
  23. 23.
    Fahdi, M.A., Clarke, N.L., Furnell, S.M.: Challenges to digital forensics: a survey of researchers amp; practitioners attitudes and opinions. In: 2013 Information Security for South Africa, pp. 1–8 (2013)Google Scholar
  24. 24.
    Birk, D., Wegener, C.: Technical issues of forensic investigations in cloud computing environments. In: 2011 IEEE Sixth International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE), pp. 1–10 (2011)Google Scholar
  25. 25.
    Sibiya, G., Venter, H.S., Fogwill, T.: Digital forensics in the cloud: the state of the art. In: IST-Africa Conference, 2015, pp. 1–9 (2015)Google Scholar
  26. 26.
    Taylor, M., Haggerty, J., Gresty, D., Almond, P., Berry, T.: Forensic investigation of social networking applications. Netw. Secur. 2014, 9–16 (2014)CrossRefGoogle Scholar
  27. 27.
    Daryabar, F., Dehghantanha, A., Udzir, N.I., Sani, N.F., Binti, M., Shamsuddin, S.B.: A review on impacts of cloud computing on digital forensics. Int. J. Cyber-Secur. Digit. Forensics IJCSDF 2, 77–94 (2013)Google Scholar
  28. 28.
    Wilkinson, S.: ACPO Good Practice Guide for Digital Evidence, http://www.cps.gov.uk/legal/assets/uploads/files/ACPO_guidelines_computer_evidence[1].pdf, (2012)
  29. 29.
    Kent, K., Chevalier, S., Grance, T.: Guide to Integrating Forensic Techniques into Incident (2006)Google Scholar
  30. 30.
    Farina, J., Scanlon, M., Le-Khac, N.A., Kechadi, M.T.: Overview of the forensic investigation of cloud services. In: 2015 10th International Conference on Availability, Reliability and Security (ARES), pp. 556–565 (2015)Google Scholar
  31. 31.
    Damshenas, M., Dehghantanha, A., Mahmoud, R.: A survey on digital forensics trends. Int. J. Cyber-Secur. Digit. Forensics. 3, 209–235 (2014)Google Scholar
  32. 32.
    Martini, B., Choo, K.-K.R.: An integrated conceptual digital forensic framework for cloud computing. Digit. Investig. 9, 71–80 (2012)CrossRefGoogle Scholar
  33. 33.
    McKemmish, R.: What is Forensic Computing. Australian Institute of Criminology, Canberra (1999)Google Scholar
  34. 34.
    Martini, B., Choo, K.-K.R.: Cloud storage forensics: ownCloud as a case study. Digit. Investig. 10, 287–299 (2013)CrossRefGoogle Scholar
  35. 35.
    Thethi, N., Keane, A.: Digital forensics investigations in the cloud. Presented at the February (2014)Google Scholar
  36. 36.
    Martini, B., Choo, K.-K.R.: Remote programmatic vCloud forensics: a six-step collection process and a proof of concept. In: Proceedings of 13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2014), pp. 935–942. IEEE (2014)Google Scholar
  37. 37.
    Martini, B., Choo, K.-K.R.: Distributed filesystem forensics: XtreemFS as a case study. Digit. Investig. 11, 295–313 (2014)CrossRefGoogle Scholar
  38. 38.
    Chung, H., Park, J., Lee, S., Kang, C.: Digital forensic investigation of cloud storage services. Digit. Investig. 9, 81–95 (2012)CrossRefGoogle Scholar
  39. 39.
    Scanlon, M., Farina, J., Kechadi, M.-T.: BitTorrent Sync: Network Investigation Methodology (2014)Google Scholar
  40. 40.
    Scanlon, M., Farina, J., Khac, N.A.L., Kechadi, T.: Leveraging Decentralization to Extend the Digital Evidence Acquisition Window: Case Study on BitTorrent Sync. ArXiv14098486 Cs (2014)Google Scholar
  41. 41.
    Teing, Y.-Y., Dehghantanha, A., Choo, K.-K.R., Yang, L.T.: Forensic investigation of P2P cloud storage services and backbone for IoT networks: BitTorrent Sync as a case study. Comput. Electr. Eng. 1–14 (2016) Google Scholar
  42. 42.
    Do, Q., Martini, B., Choo, K.-K.R.: A forensically sound adversary model for mobile devices. PLoS ONE 10, e0138449 (2015)CrossRefGoogle Scholar
  43. 43.
    Do, Q., Martini, B., Choo, K.-K.R.: Is the data on your wearable device secure? An Android Wear smartwatch case study. Softw. Pract. Exp. (2016)Google Scholar
  44. 44.
    Ab Rahman, N.H., Cahyani, N.D.W., Choo, K.-K.R.: Cloud incident handling and forensic-by-design: cloud storage as a case study. Concurr. Comput. Pract. Exp. (2016)Google Scholar
  45. 45.
    Marty, R.: Cloud application logging for forensics. In: Proceedings of the 2011 ACM Symposium on Applied Computing, pp. 178–184. ACM, New York (2011)Google Scholar
  46. 46.
    Shields, C., Frieder, O., Maloof, M.: A system for the proactive, continuous, and efficient collection of digital forensic evidence. Digit. Investig. 8(Supplement), S3–S13 (2011)CrossRefGoogle Scholar
  47. 47.
    Zawoad, S., Hasan, R.: Cloud Forensics: A Meta-Study of Challenges, Approaches, and Open Problems. ArXiv13026312 Cs (2013)Google Scholar
  48. 48.
    Dykstra, J., Sherman, A.T.: Design and implementation of FROST: digital forensic tools for the OpenStack cloud computing platform. Digit. Investig. 10, S87–S95 (2013)CrossRefGoogle Scholar
  49. 49.
    Gebhardt, T., Reiser, H.P.: Network forensics for cloud computing. In: Dowling, J., Taïani, F. (eds.) Distributed Applications and Interoperable Systems, pp. 29–42. Springer, Berlin Heidelberg (2013)CrossRefGoogle Scholar
  50. 50.
    Quick, D., Choo, K.-K.R.: Forensic collection of cloud storage data: Does the act of collection result in changes to the data or its metadata? Digit. Investig. 10, 266–277 (2013)CrossRefGoogle Scholar
  51. 51.
    Teing, Y.-Y., Ali, D., Choo, K.-K.R., Conti, M., Dargahi, T.: Forensic investigation of cooperative storage cloud service: symform as a case study. J. Forensics Sci. 1–14 (in Press, 2016)Google Scholar
  52. 52.
    Hale, J.S.: Amazon Cloud Drive forensic analysis. Digit. Investig. 10, 259–265 (2013)CrossRefGoogle Scholar
  53. 53.
    Farina, J., Scanlon, M., Kechadi, M.-T.: BitTorrent Sync: First Impressions and Digital Forensic Implications. Digit. Investig. 11(Supplement 1), S77–S86 (2014)CrossRefGoogle Scholar
  54. 54.
    Shariati, M., Dehghantanha, A., Choo, K.-K.R.: SugarSync forensic analysis. Aust. J. Forensic Sci. 0, 1–23 (2015)Google Scholar
  55. 55.
    Shariati, M., Dehghantanha, A., Martini, B., Choo, K.-K.R.: Ubuntu One investigation: Detecting evidences on client machines, Chap. 19. In: The Cloud Security Ecosystem. pp. 429–446. Syngress, Boston (2015)Google Scholar
  56. 56.
    Blakeley, B., Cooney, C., Dehghantanha, A., Aspin, R.: Cloud storage forensic: hubiC as a case-study. In: 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom), pp. 536–541 (2015)Google Scholar
  57. 57.
    Daryabar, F., Dehghantanha, A., Choo, K.-K.R.: Cloud storage forensics: MEGA as a case study. Aust. J. Forensic Sci. 0, 1–14 (2016)Google Scholar
  58. 58.
    Martini, B., Do, Q., Choo, K.-K.R.: Mobile cloud forensics: an analysis of seven popular Android apps. In: The Cloud Security Ecosystem, pp. 309–345. Syngress, Boston, Chap. 15 (2015)Google Scholar
  59. 59.
    Daryabar, F., Dehghantanha, A., Eterovic-Soric, B., Choo, K.-K.R.: Forensic investigation of OneDrive, Box, GoogleDrive and Dropbox applications on Android and iOS devices. Aust. J. Forensic Sci. 0, 1–28 (2016)Google Scholar
  60. 60.
    Norouzizadeh Dezfouli, F., Dehghantanha, A., Eterovic-Soric, B., Choo, K.-K.R.: Investigating Social Networking applications on smartphones detecting Facebook, Twitter, LinkedIn and Google + artefacts on Android and iOS platforms. Aust. J. Forensic Sci. 1–20 (2015)Google Scholar
  61. 61.
    Ibrahim, N.M., Al-Nemrat, A., Jahankhani, H., Bashroush, R.: Sufficiency of windows event log as evidence in digital forensics. In: Akan, O., Bellavista, P., Cao, J., Dressler, F., Ferrari, D., Gerla, M., Kobayashi, H., Palazzo, S., Sahni, S., Shen, X., Stan, M., Xiaohua, J., Zomaya, A., Coulson, G., Georgiadis, C.K., Jahankhani, H., Pimenidis, E., Bashroush, R., Al-Nemrat, A. (eds.) Global Security, Safety and Sustainability & e-Democracy, pp. 253–262. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  62. 62.
    Do, Q., Martini, B., Looi, J., Wang, Y., Choo, K.-K.: Windows event forensic process. In: Peterson, G., Shenoi, S. (eds.) Advances in Digital Forensics X, pp. 87–100. Springer, Heidelberg (2014)Google Scholar
  63. 63.
    Yang, T.Y., Dehghantanha, A., Choo, K.-K.R., Muda, Z.: Windows instant messaging app forensics: Facebook and Skype as case studies. PLoS ONE 11, e0150300 (2016)CrossRefGoogle Scholar
  64. 64.
    Yusoff, M.N., Ramlan, M., Dehghantanha, A., Abdullah, M.T.: Advances of Mobile Forensic Procedures in Firefox OS. Int. J. Cyber-Secur. Digit. Forensics. 3, 183–199 (2014)Google Scholar
  65. 65.
    Yusoff, M.N., Mahmod, R., Abdullah, M.T., Dehghantanha, A.: Performance measurement for mobile forensic data acquisition in Firefox OS. Int. J. Cyber-Secur. Digit. Forensics. 3, 130–140 (2014)Google Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Yee-Yang Teing
    • 1
    • 2
    Email author
  • Ali Dehghantanha
    • 2
  • Kim-Kwang Raymond Choo
    • 3
    • 4
  • Zaiton Muda
    • 1
  • Mohd Taufik Abdullah
    • 1
  • Wee-Chiat Chai
    • 1
  1. 1.Department of Computer Science, Faculty of Computer Science and Information TechnologyUniversiti Putra Malaysia, UPMSerdangMalaysia
  2. 2.The School of Computing, Science and EngineeringUniversity of SalfordSalfordUK
  3. 3.Information Assurance Research GroupUniversity of South AustraliaAdelaideAustralia
  4. 4.Department of Information Systems and Cyber SecurityUniversity of Texas at San AntonioSan AntonioUSA

Personalised recommendations