Abstract
Cloud computing services can be accessed via browsers or client applications on networked devices such as desktop computers, laptops, tablets and smartphones, which are generally referred to as endpoint devices. Data relevant to forensic investigations may be stored on endpoint devices and/or at cloud service providers. When cloud services are accessed from an endpoint device, several files and folders are created on the device; the data can be accessed by a digital forensic investigator using various tools. An investigator may also use an application programming interface made available by a cloud service provider to obtain forensic information from the cloud related to objects, events and file metadata associated with a cloud user. This chapter presents a taxonomy of the forensic tools used to extract data from endpoint devices and from cloud service providers. The tool taxonomy provides investigators with an easily searchable catalog of tools that can meet their technical requirements during cloud forensic investigations.
© 2018 IFIP International Federation for Information Processing
About this paper
Cite this paper
Mishra, A.K., Pilli, E., Govil, M. (2018). A Taxonomy of Cloud Endpoint Forensic Tools. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XIV. DigitalForensics 2018. IFIP Advances in Information and Communication Technology, vol 532. Springer, Cham. https://doi.org/10.1007/978-3-319-99277-8_14
DOI: https://doi.org/10.1007/978-3-319-99277-8_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-99276-1
Online ISBN: 978-3-319-99277-8
eBook Packages: Computer Science (R0)