Overview of the Forensic Investigation of Cloud Services

Farina, Jason; Scanlon, Mark; Le-Khac, Nhien-An; Kechadi, Tahar

doi:10.1109/ares.2015.81

Cited by 25 publications

(22 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Examining application generated databases is not only an important task for forensic analysis of the data generation software tools, e.g., desktop applications and web browsers (Buchholz and Spafford, 2004), mobile applications (Faheem et al, 2015), and cloud services (Farina et al, 2015), but has been identified for desktop metadata curators, such as desktop file search utilities. Turnbull and Slay (Turnbull and B.BSlay, 2006) emphasised the importance of conducting research into the databases used by Google Desktop Search technologies in order for tools to be designed to extract the data for digital forensic investigations.…”

Section: Related Workmentioning

confidence: 99%

Shining a light on Spotlight: Leveraging Apple's desktop search utility to recover deleted file metadata on macOS

Atwal

Scanlon

Le-Khac

2019

Digital Investigation

Self Cite

View full text Add to dashboard Cite

a b s t r a c tSpotlight is a proprietary desktop search technology released by Apple in 2004 for its Macintosh operating system Mac OS X 10.4 (Tiger) and remains as a feature in current releases of macOS. Spotlight allows users to search for files or information by querying databases populated with filesystem attributes, metadata, and indexed textual content. Existing forensic research into Spotlight has provided an understanding of the metadata attributes stored within the metadata store database. Current approaches in the literature have also enabled the extraction of metadata records for extant files, but not for deleted files. The objective of this paper is to research the persistence of records for deleted files within Spotlight's metadata store, identify if deleted database pages are recoverable from unallocated space on the volume, and to present a strategy for the processing of discovered records. In this paper, the structure of the metadata store database is outlined, and experimentation reveals that records persist for a period of time within the database but once deleted, are no longer recoverable. The experimentation also demonstrates that deleted pages from the database (containing metadata records) are recoverable from unused space on the filesystem.

show abstract

Section: Related Workmentioning

confidence: 99%

Shining a light on Spotlight: Leveraging Apple's desktop search utility to recover deleted file metadata on macOS

Atwal

Scanlon

Le-Khac

2019

Digital Investigation

Self Cite

View full text Add to dashboard Cite

show abstract

“…Furthermore, the 12,792 images used for training and testing (80% and 20% respectively) came from sources described in Section 4. Each input image was resized to a dimension of 224 x 224 pixels and the output had a size of 5 (Multi-class classifier) and were mapped to a value pertaining to the following age range classes: [0-5], [6][7][8][9][10], [11][12][13][14][15], [16][17] and [18][19][20][21][22][23][24][25]. The ranges were adapted from the "Criminal networks involved in the trafficking and exploitation of underage victims in the European Union" 2018 report 14 , which indicates that the classification of subjects into one of these age ranges is sufficient, and that precise age estimation is not crucial for investigators.…”

Section: Development Of a Deep Learning Model For Age Estimation (Ds13k)mentioning

confidence: 99%

“…Child exploitation investigations are one of the more common investigation types in digital forensic laboratories throughout the world [1]. These investigations have become an arduous task due to the increasing usage of anonymization tools, private P2P networks and cloud-based KVM systems [9]. Worldwide, law enforcement and child protection communities have been fighting to diminish CSEM and human trafficking.…”

Section: Introductionmentioning

confidence: 99%

Improving Borderline Adulthood Facial Age Estimation through Ensemble Learning

Anda

Lillis

Kanta

et al. 2019

Proceedings of the 14th International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

Achieving high performance for facial age estimation with subjects in the borderline between adulthood and non-adulthood has always been a challenge. Several studies have used different approaches from the age of a baby to an elder adult and different datasets have been employed to measure the mean absolute error (MAE) ranging between 1.47 to 8 years. The weakness of the algorithms specifically in the borderline has been a motivation for this paper. In our approach, we have developed an ensemble technique that improves the accuracy of underage estimation in conjunction with our deep learning model (DS13K) that has been fine-tuned on the Deep Expectation (DEX) model. We have achieved an accuracy of 68% for the age group 16 to 17 years old, which is 4 times better than the DEX accuracy for such age range. We also present an evaluation of existing cloud-based and offline facial age prediction services, such as Amazon Rekognition, Microsoft Azure Cognitive Services, How-Old.net and DEX.

show abstract

“…Evidence retrieval in multi‐tenant environments must maintain the confidentiality, preserve the privacy of the tenants, and finally ensure that the data to be collected concern specific tenant and no other. “Any attempt to physically connect to a data store or virtual host system will run a risk of modifying data that is outside the scope of the investigation insofar as belonging to a system that is not owned or operated by the suspect named in the warrant” . Because of the multi‐tenancy, the data can be contaminated by people who have access into the same storage unit with result of losing important evidence.…”

Section: Cloud Forensic Challengesmentioning

confidence: 99%

“…Thus, it is very difficult, almost impossible, to conduct evidence acquisition when investigators are dealt with different legal systems, where the related laws or regulations may vary by countries . A court order issued in the jurisdiction that resides a data center may not be applicable to the jurisdiction that resides another . “The location of data affects the ability to compel production of such data and may, although unlikely under most states’ in USA and countries long arm jurisdiction rules, affect the determination of where a case involving cloud data must be filed/prosecuted” .…”

Section: Cloud Forensic Challengesmentioning

confidence: 99%

A survey on cloud forensics challenges and solutions

Simou

Kalloniatis

Gritzalis

et al. 2016

Security Comm Networks

View full text Add to dashboard Cite

In recent years, cloud computing has gained popularity, and it is now used to support various areas of human life. Cloud forensics has been introduced to help forensic investigators find potential evidence against cloud criminal activities and maintain the security and integrity of the information stored in the cloud. While great research in the area has been carried out concerning challenges and solutions, the research on methodologies and frameworks is still in its infancy. This article focuses on the methodological aspects of cloud forensics. It critically reviews cloud forensics' existing challenges and solutions, and it explores, based on a detailed review of the area, all the work that has been carried out both in digital and cloud forensic methodologies mainly for supporting the investigation of security incidents in cloud. Furthermore, the detailed comparison reveals similarities and drawbacks of the existing methodologies providing some novel future research directions. Finally, the specific paper can be considered as a starting point for researchers wishing to design cloud-forensicable services over the cloud.

show abstract

Overview of the Forensic Investigation of Cloud Services

Cited by 25 publications

References 26 publications

Shining a light on Spotlight: Leveraging Apple's desktop search utility to recover deleted file metadata on macOS

Shining a light on Spotlight: Leveraging Apple's desktop search utility to recover deleted file metadata on macOS

Improving Borderline Adulthood Facial Age Estimation through Ensemble Learning

A survey on cloud forensics challenges and solutions

Contact Info

Product

Resources

About