Premium
Analyzing Data Remnant Remains on User Devices to Determine Probative Artifacts in Cloud Environment
Author(s) -
Ahmed Abdulghani Ali,
Xue Li Chua
Publication year - 2018
Publication title -
journal of forensic sciences
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.715
H-Index - 96
eISSN - 1556-4029
pISSN - 0022-1198
DOI - 10.1111/1556-4029.13506
Subject(s) - computer science , cloud computing , upload , cloud storage , directory , digital forensics , the internet , database , world wide web , data file , cybercrime , login , computer security , operating system
Cloud storage service allows users to store their data online, so that they can remotely access, maintain, manage, and back up data from anywhere via the Internet. Although helpful, this storage creates a challenge to digital forensic investigators and practitioners in collecting, identifying, acquiring, and preserving evidential data. This study proposes an investigation scheme for analyzing data remnants and determining probative artifacts in a cloud environment. Using pC loud as a case study, this research collected the data remnants available on end‐user device storage following the storing, uploading, and accessing of data in the cloud storage. Data remnants are collected from several sources, including client software files, directory listing, prefetch, registry, network PCAP , browser, and memory and link files. Results demonstrate that the collected remnants data are beneficial in determining a sufficient number of artifacts about the investigated cybercrime.