Research Area: Digital Forensics
Due to the flexibility, affordability, and portability of cloud storage, individuals and companies envisage cloud storage as one of the preferred storage media nowadays. This attracts the eyes of cyber criminals, since much valuable information such as user credentials and private customer records are stored in the cloud. There are many ways for criminals to compromise cloud services; ranging from nontechnical attack methods, such as social engineering, to deploying advanced malwares. Therefore, it is vital for cyber forensics examiners to be equipped and informed about best methods for investigation of different cloud platforms. In this chapter, using pCloud (an extensively used online cloud storage service) as a case study, and we elaborate on different kinds of artifacts retrievable during a forensic examination. We carried out our experiments on four different virtual machines running four popular operating systems: a 64 bit Windows 8, Ubuntu 14.04.1 LTS, Android 4.4.2, and iOS 8.1. Moreover, we examined cloud remnants of two different web browsers: Internet Explorer and Google Chrome on Windows. We believe that our study would promote awareness among digital forensic examiners on how to conduct cloud storage forensics examination.
Keywords:
Author(s) Name: T. Dargahi, A. Dehghantanha, M. Conti
Journal name: Contemporary Digital Forensic Investigations of Cloud and Mobile Applications
Conferrence name:
Publisher name: ELSEVIER
DOI: 10.1016/B978-0-12-805303-4.00012-5
Volume Information: Pages 185-204
