Cloud storage forensics:
Gespeichert in:
| Hauptverfasser: | , , |
|---|---|
| Format: | Buch |
| Sprache: | English |
| Veröffentlicht: |
Amsterdam [u.a.]
Elsevier Syngress
2014
|
| Schriftenreihe: | Syngress
|
| Schlagworte: | |
| Online-Zugang: | Inhaltsverzeichnis Klappentext |
| Beschreibung: | XVIII, 189 S. graph. Darst. 24 cm |
| ISBN: | 9780124199705 |
Internformat
MARC
| LEADER | 00000nam a2200000 c 4500 | ||
|---|---|---|---|
| 001 | BV041994606 | ||
| 003 | DE-604 | ||
| 005 | 20140819 | ||
| 007 | t | ||
| 008 | 140725s2014 d||| |||| 00||| eng d | ||
| 016 | 7 | |a 016546960 |2 DE-101 | |
| 020 | |a 9780124199705 |c pbk. : £42.99 |9 978-012-419-970-5 | ||
| 035 | |a (OCoLC)889931974 | ||
| 035 | |a (DE-599)BSZ399486623 | ||
| 040 | |a DE-604 |b ger | ||
| 041 | 0 | |a eng | |
| 049 | |a DE-739 | ||
| 082 | 0 | |a 363.25028546782 | |
| 084 | |a ST 277 |0 (DE-625)143643: |2 rvk | ||
| 100 | 1 | |a Quick, Darren |e Verfasser |4 aut | |
| 245 | 1 | 0 | |a Cloud storage forensics |c Darren Quick ; Ben Martini ; Kim-Kwang Raymond Choo |
| 264 | 1 | |a Amsterdam [u.a.] |b Elsevier Syngress |c 2014 | |
| 300 | |a XVIII, 189 S. |b graph. Darst. |c 24 cm | ||
| 336 | |b txt |2 rdacontent | ||
| 337 | |b n |2 rdamedia | ||
| 338 | |b nc |2 rdacarrier | ||
| 490 | 0 | |a Syngress | |
| 650 | 4 | |a Datenverarbeitung | |
| 650 | 4 | |a Computer crimes / Investigation | |
| 650 | 4 | |a Forensic sciences / Data processing | |
| 650 | 4 | |a Cloud computing | |
| 650 | 4 | |a Information storage and retrieval systems | |
| 650 | 0 | 7 | |a Computerforensik |0 (DE-588)4774034-6 |2 gnd |9 rswk-swf |
| 689 | 0 | 0 | |a Computerforensik |0 (DE-588)4774034-6 |D s |
| 689 | 0 | |5 DE-604 | |
| 700 | 1 | |a Martini, Ben |e Verfasser |4 aut | |
| 700 | 1 | |a Choo, Kim-Kwang Raymond |e Verfasser |0 (DE-588)137128738 |4 aut | |
| 856 | 4 | 2 | |m Digitalisierung UB Passau - ADAM Catalogue Enrichment |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=027436771&sequence=000003&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
| 856 | 4 | 2 | |m Digitalisierung UB Passau - ADAM Catalogue Enrichment |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=027436771&sequence=000004&line_number=0002&func_code=DB_RECORDS&service_type=MEDIA |3 Klappentext |
| 999 | |a oai:aleph.bib-bvb.de:BVB01-027436771 | ||
Datensatz im Suchindex
| _version_ | 1804152401144315904 |
|---|---|
| adam_text | To reduce the risk of
digitai
forensic evidence being called
into question in judicial proceedings, it is important to
have a rigorous methodology and set of procedures for
conducting digital forensic investigations and examinations.
Digital forensic investigation in the cloud computing
environment, however, is in infancy due to the comparatively
recent prevalence of cloud computing.
Cloud Storage Forensics presents the first evidence-based
cloud forensic framework. Using three popular cloud storage
services and one private cloud storage service as case
studies, the authors
-
Darren Quick, Ben Martini, and Kim-
Kwang Raymond Choo
—
demonstrated how their framework
can be used to undertake research into the data remnants
on both cloud storage servers and client devices when a
user undertakes a variety of methods to store, upload, and
access data in the cloud. By determining the data remnants
on client devices, you gain a better understanding of the types
of terrestrial artifacts that are likely to remain on the device.
Once it is determined that a cloud storage service account
has potential evidence of relevance to an investigation, you
can communicate this to legal liaison points within service
providers to enable them to respond and secure evidence in a
timely manner. You may also use the guidance provided from
the ownCioud case study to collect evidence directly from
cloud servers where appropriate. In jurisdictions that have
legal provisions to collect data accessible from a computer
or device, the process may involve accessing an account to
collect the data.
•
The first evidence-based cloud storage forensic
framework to guide practitioners and researchers
in a digital forensic investigation involving cloud
storage services.
•
Case studies using popular public cloud storage
services, which identify the types of terrestrial
artefacts that are likely to remain on a client s
machine, and the likely access point(s) for digits!
forensic practitioners and researchers.
ч
Case study using an open source cloud storage as
a service (StaaS)
application,
which provides an
in-depth understanding of the artifacts available to
digital forensics practitioners and researchers when
conducting analysis on cloud StaaS environments on
both clients and server.
A process that digital forensics practitioners and
researchers can use to collect data from cloud
storage services when legal authority exists to
access an account
Contents
Acknowledgments
.................................................................................................
хш
About the Authors
...................................................................................................xv
Forewords
.............................................................................................................
xvii
CHAPTER
1
Introduction
...........................................................1
Introduction
....................................................................................1
Cybercrime and the cloud
.............................................................3
Challenges faced by law enforcement and government
agencies
.....................................................................................5
Summary
........................................................................................7
Structure of book and contributions to knowledge
.......................8
References
......................................................................................9
CHAPTER
2
Cloud Storage Forensic Framework
........................13
Introduction
..................................................................................13
Cloud (storage) forensic framework
...........................................13
Commence (Scope)
.................................................................15
Preparation
..............................................................................15
Evidence source identification and preservation
...................16
Collection
................................................................................17
Examination and analysis
.......................................................18
Presentation
.............................................................................19
Complete
.................................................................................19
Framework summary
...................................................................20
References
...............
χ
....................................................................20
CHAPTER
3
Microsoft SkyDrive Cloud Storage Forensic
Analysis
...............................................................23
Introduction
..................................................................................23
SkyDrive forensics: Windows
7
PC
............................................24
Commence (Scope)
.................................................................24
Preparation
..............................................................................25
Evidence source identification and preservation
...................26
Collection
................................................................................26
Examination and analysis
.......................................................27
Presentation
.............................................................................47
Complete
.................................................................................48
SkyDrive forensics: Apple iPhone 3G
........................................51
Commence (Scope)
.................................................................52
Preparation
..............................................................................52
Evidence source identification and preservation
...................52
Collection
................................................................................52
Examination and analysis
.......................................................53
Presentation
.............................................................................53
Complete
.................................................................................55
Case study
....................................................................................55
Step
1—
Commence (Scope)
..................................................55
Step
2—
Preparation
................................................................56
Step
3—
Evidence source identification and preservation
.....56
Step
4—
Collection
.................................................................56
Step
5—
Examination and analysis
.........................................56
Step
6—
Presentation
..............................................................57
Step
7—
Complete
...................................................................59
Conclusion
...................................................................................59
References
....................................................................................60
CHAPTER
4
Dropbox Analysis: Data Remnants
on User Machines
.................................................63
Introduction
..................................................................................63
Dropbox forensics: Windows
7
PC
.............................................64
Commence (Scope)
.................................................................65
Preparation
..............................................................................65
Evidence source identification and preservation
...................69
Collection
................................................................................69
Examination and analysis
.......................................................70
Presentation
.............................................................................79
Complete
.................................................................................83
Dropbox forensics: Apple iPhone 3G
.........................................84
Commence (Scope)
.................................................................84
Preparation
..............................................................................84
Evidence source identification and preservation
...................84
Collection
................................................................................84
Examination and analysis
.......................................................85
Presentation
.............................................................................86
Complete
.................................................................................88
Casestudy
....................................................................................88
Step
1—
Commence (Scope)
..................................................88
Step
2—
Preparation
................................................................88
Step
3—
Evidence source identification and preservation
.....89
Step
4—
Collection
.................................................................89
Step
5—
Examination and analysis
.........................................89
Step
6—
Presentation
..............................................................90
Step
7—
Complete
...................................................................90
Conclusion
...................................................................................90
References
....................................................................................92
CHAPTER
5
Google Drive: Forensic Analysis of Cloud
Storage Data Remnants
.........................................95
Introduction
..................................................................................95
Google drive forensics: Windows
7
PC
......................................96
Commence (Scope)
.................................................................96
Preparation
..............................................................................96
Evidence source identification and preservation
...................98
Collection
................................................................................98
Examination and analysis
.......................................................98
Presentation
...........................................................................
Ill
Complete
...............................................................................115
Google drive forensics: Apple iPhone 3G
................................115
Commence (Scope)
...............................................................116
Preparation
............................................................................116
Evidence source identification and preservation
.................116
Collection
..............................................................................116
Examination and analysis
.....................................................117
Presentation
...........................................................................117
Complete
...............................................................................117
Google drive case study
............................................................118
Step
1—
Commence (Scope)
................................................118
Step
2—
Preparation
..............................................................118
Step
3—
Evidence source identification
and preservation
...............................................................119
Step
4—
Collection
...............................................................120
Step
5—
Examination and analysis
.......................................121
Step
6—
Presentation
............................................................121
Step 7—Complete
.................................................................121
Conclusion
.................................................................................121
CHAPTER
6
CHAPTER
7
Summary of Microsoft SkyDrive, Dropbox, and
Google Drive findings
..........................................................122
References
..................................................................................123
Appendix A
................................................................................124
Open Source Cloud Storage Forensics:
ownCloud as a Case Study
..................................127
Introduction
................................................................................127
Cloud forensics framework
..................................................129
Outline
..................................................................................130
Experiment setup
.......................................................................130
ownCloud overview
..............................................................130
Environment configuration
...................................................131
Findings
......................................................................................132
Client forensics
.....................................................................132
Evidence source identification and preservation, and
collection
..........................................................................133
Examination and analysis of client devices
.........................134
Reporting and presentation
...................................................138
Server forensics
....................................................................138
Evidence source identification and preservation
.................139
Collection
..............................................................................141
Server examination and analysis
..........................................143
Summary of findings
............................................................147
Conclusion
.................................................................................148
References
..................................................................................150
Forensic Collection of Cloud Storage Data:
Does the Act of Collection Result in Changes
to the Data or its Metadata?
................................153
Introduction
................................................................................153
Cloud storage providers
.............................................................154
Dropbox
................................................................................154
Google Drive
........................................................................155
Microsoft SkyDrive
..............................................................156
Data collection via Internet access to a user account
...............156
Dropbox
................................................................................159
Google Drive
........................................................................162
Microsoft SkyDrive
..............................................................164
Research
findings: discussion
...................................................168
File contents
..........................................................................168
Dates and times
....................................................................169
Client software dates and times
...........................................169
Browser dates and times
.......................................................169
Verification of findings
........................................................170
Summary
...............................................................................171
Conclusion
.................................................................................172
References
..................................................................................173
CHAPTER
8
Conclusion and Future Work
................................175
Research summary
.....................................................................175
Future work
................................................................................178
Glossary
.................................................................................................................179
Index
......................................................................................................................183
|
| any_adam_object | 1 |
| author | Quick, Darren Martini, Ben Choo, Kim-Kwang Raymond |
| author_GND | (DE-588)137128738 |
| author_facet | Quick, Darren Martini, Ben Choo, Kim-Kwang Raymond |
| author_role | aut aut aut |
| author_sort | Quick, Darren |
| author_variant | d q dq b m bm k k r c kkr kkrc |
| building | Verbundindex |
| bvnumber | BV041994606 |
| classification_rvk | ST 277 |
| ctrlnum | (OCoLC)889931974 (DE-599)BSZ399486623 |
| dewey-full | 363.25028546782 |
| dewey-hundreds | 300 - Social sciences |
| dewey-ones | 363 - Other social problems and services |
| dewey-raw | 363.25028546782 |
| dewey-search | 363.25028546782 |
| dewey-sort | 3363.25028546782 |
| dewey-tens | 360 - Social problems and services; associations |
| discipline | Informatik Soziologie |
| format | Book |
| fullrecord | <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01942nam a2200445 c 4500</leader><controlfield tag="001">BV041994606</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20140819 </controlfield><controlfield tag="007">t</controlfield><controlfield tag="008">140725s2014 d||| |||| 00||| eng d</controlfield><datafield tag="016" ind1="7" ind2=" "><subfield code="a">016546960</subfield><subfield code="2">DE-101</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780124199705</subfield><subfield code="c">pbk. : £42.99</subfield><subfield code="9">978-012-419-970-5</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)889931974</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BSZ399486623</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-739</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">363.25028546782</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">ST 277</subfield><subfield code="0">(DE-625)143643:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Quick, Darren</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Cloud storage forensics</subfield><subfield code="c">Darren Quick ; Ben Martini ; Kim-Kwang Raymond Choo</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Amsterdam [u.a.]</subfield><subfield code="b">Elsevier Syngress</subfield><subfield code="c">2014</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">XVIII, 189 S.</subfield><subfield code="b">graph. Darst.</subfield><subfield code="c">24 cm</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="490" ind1="0" ind2=" "><subfield code="a">Syngress</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Datenverarbeitung</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer crimes / Investigation</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Forensic sciences / Data processing</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Cloud computing</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Information storage and retrieval systems</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Computerforensik</subfield><subfield code="0">(DE-588)4774034-6</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Computerforensik</subfield><subfield code="0">(DE-588)4774034-6</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Martini, Ben</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Choo, Kim-Kwang Raymond</subfield><subfield code="e">Verfasser</subfield><subfield code="0">(DE-588)137128738</subfield><subfield code="4">aut</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">Digitalisierung UB Passau - ADAM Catalogue Enrichment</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=027436771&sequence=000003&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">Digitalisierung UB Passau - ADAM Catalogue Enrichment</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=027436771&sequence=000004&line_number=0002&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Klappentext</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-027436771</subfield></datafield></record></collection> |
| id | DE-604.BV041994606 |
| illustrated | Illustrated |
| indexdate | 2024-07-10T01:10:07Z |
| institution | BVB |
| isbn | 9780124199705 |
| language | English |
| oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-027436771 |
| oclc_num | 889931974 |
| open_access_boolean | |
| owner | DE-739 |
| owner_facet | DE-739 |
| physical | XVIII, 189 S. graph. Darst. 24 cm |
| publishDate | 2014 |
| publishDateSearch | 2014 |
| publishDateSort | 2014 |
| publisher | Elsevier Syngress |
| record_format | marc |
| series2 | Syngress |
| spelling | Quick, Darren Verfasser aut Cloud storage forensics Darren Quick ; Ben Martini ; Kim-Kwang Raymond Choo Amsterdam [u.a.] Elsevier Syngress 2014 XVIII, 189 S. graph. Darst. 24 cm txt rdacontent n rdamedia nc rdacarrier Syngress Datenverarbeitung Computer crimes / Investigation Forensic sciences / Data processing Cloud computing Information storage and retrieval systems Computerforensik (DE-588)4774034-6 gnd rswk-swf Computerforensik (DE-588)4774034-6 s DE-604 Martini, Ben Verfasser aut Choo, Kim-Kwang Raymond Verfasser (DE-588)137128738 aut Digitalisierung UB Passau - ADAM Catalogue Enrichment application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=027436771&sequence=000003&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis Digitalisierung UB Passau - ADAM Catalogue Enrichment application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=027436771&sequence=000004&line_number=0002&func_code=DB_RECORDS&service_type=MEDIA Klappentext |
| spellingShingle | Quick, Darren Martini, Ben Choo, Kim-Kwang Raymond Cloud storage forensics Datenverarbeitung Computer crimes / Investigation Forensic sciences / Data processing Cloud computing Information storage and retrieval systems Computerforensik (DE-588)4774034-6 gnd |
| subject_GND | (DE-588)4774034-6 |
| title | Cloud storage forensics |
| title_auth | Cloud storage forensics |
| title_exact_search | Cloud storage forensics |
| title_full | Cloud storage forensics Darren Quick ; Ben Martini ; Kim-Kwang Raymond Choo |
| title_fullStr | Cloud storage forensics Darren Quick ; Ben Martini ; Kim-Kwang Raymond Choo |
| title_full_unstemmed | Cloud storage forensics Darren Quick ; Ben Martini ; Kim-Kwang Raymond Choo |
| title_short | Cloud storage forensics |
| title_sort | cloud storage forensics |
| topic | Datenverarbeitung Computer crimes / Investigation Forensic sciences / Data processing Cloud computing Information storage and retrieval systems Computerforensik (DE-588)4774034-6 gnd |
| topic_facet | Datenverarbeitung Computer crimes / Investigation Forensic sciences / Data processing Cloud computing Information storage and retrieval systems Computerforensik |
| url | http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=027436771&sequence=000003&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=027436771&sequence=000004&line_number=0002&func_code=DB_RECORDS&service_type=MEDIA |
| work_keys_str_mv | AT quickdarren cloudstorageforensics AT martiniben cloudstorageforensics AT chookimkwangraymond cloudstorageforensics |