Abstract
Cyber offenders spread their influence as fast as the Internet and cloud computing develop. Cloud computing compounds the challenges of collecting and analyzing digital evidence in a cybercrime investigation. Research on obtaining evidence or analyzing metadata in cloud storage forensics is scarce. This study proposes a time-based investigation in a complex cloud environment. Establishing timeline information from date-time stamps could help law enforcement agents investigate cloud-related crime. Experiments are observed from three users (creator, coauthor and browser), four computers and five file operation processes (file created, file accessed, file modified, file shared, and file downloaded). This study presents a novel cybercrime investigation countermeasure using a created-accessed-modified (CAM) model to improve the effectiveness of forensic analysis. This may have implications when examiners analyze hard disks or when a user has synchronized files from a cloud account prior to computer seizure. The countermeasure methodology is potentially useful for evidentiary datasets and investigations.
Acknowledgments
The author wishes to thank Min-Ju Chung for the input and fruitful discussions on the topic of cloud storage forensics. This research was partially supported by the Ministry of Science and Technology of the Republic of China under the Grants MOST 103-2221-E-015-003.
Cite this article
Kao, DY. Cybercrime investigation countermeasure using created-accessed-modified model in cloud computing environments. J Supercomput 72, 141–160 (2016). https://doi.org/10.1007/s11227-015-1516-7