Date of Award
Summer 8-2015
Degree Type
Thesis-Restricted
Degree Name
M.S.
Degree Program
Computer Science
Department
Computer Science
Major Professor
Vassil Roussev
Second Advisor
Golden G. Richard III
Third Advisor
Irfan Ahmed
Abstract
Cloud computing and cloud storage services, in particular, pose a new challenge to digital forensic investigations. Currently, evidence acquisition for such services still follows the traditional approach of collecting artifacts on a client device. In this work, we show that such an approach not only requires substantial upfront investment in reverse engineering each service, but is also inherently incomplete, as it misses prior versions of the artifacts as well as cloud-only artifacts that do not have standard serialized representations on the client.
In this work, we introduce the concept of API-based evidence acquisition for cloud services, which addresses these concerns by utilizing the officially supported API of the service. To demonstrate the utility of this approach, we present a proof-of-concept acquisition tool, kumodd, which can acquire evidence from four major cloud storage providers: Google Drive, Microsoft One, Dropbox, and Box. The implementation provides both command-line and web user interfaces, and can be readily incorporated into established forensic processes.
Recommended Citation
Barreto, Andres E., "API-Based Acquisition of Evidence from Cloud Storage Providers" (2015). University of New Orleans Theses and Dissertations. 2030.
https://scholarworks.uno.edu/td/2030
Rights
The University of New Orleans and its agents retain the non-exclusive license to archive and make accessible this dissertation or thesis in whole or in part in all forms of media, now or hereafter known. The author retains all other ownership rights to the copyright of the thesis or dissertation.