An analysis method of forensic investigation for platform-as-a-service cloud storage services

Cloud computing has changed most of the ways users interact with computers and mobile devices. Every user, power-users or normal users, can take advantage of Cloud storage and in such a way that they can develop or store their data in cloud and access them anytime they want. There are three types of cloud Platform as a Service (PaaS), Software as a Service (SaaS) and Infrastructure as a Service (IaaS) but our focus is PaaS. Though, PaaS has made it easier to code and develop new application for developers, it has helped criminals to write their malicious application with minimum trace as well. PaaS cloud client applications could be a very useful for forensics investigators as they contain much information about the user. Although, there have been many digital forensics researches done on SaaS and IaaS, there have been close to none such research on PaaS. Therefore, the problem here is first there is not enough research in PaaS and second criminals use this service to create malicious applications. Previous researches on forensic analysis of PaaS cloud applications on Windows machines and smartphones used present forensic analyser tools and failed to detect all the data remnants such as file contents, email addresses, activity trails of users and many more. Also, majority of works were done on SaaS and IaaS cloud applications. In this research, to address the problems of lack of work on PaaS and lack of enough forensic data after analysis we propose a new analysis method for PaaS cloud applications to maximise the amount forensic that can be extracted in process of analysis. The proposed analysis method is valid for examining the internal storage, internal memory and network traffic of PC and smartphones. In the proposed analysis method of this project, the raw data of collected images is analysed. This analysis is done based on predefined keywords to detect login information. Upon identification of user’s data and pattern, the keywords which are common among PaaS applications are defined and then the raw data of images are analysed once again to find any remaining data remnants on the system. After the evidences are found and extracted then the researcher proceeds to presenting the findings in a report form. The new analysis method is tested on popular PaaS client applications namely Openshift and Heroku on Windows PC and mobile platforms iOS and Android. The outcome of this research establishes the use of the mentioned PaaS applications on the investigated computers and smartphones and results in identification of artefacts such as usernames, passwords, login information, application source code and application information. The result of this research assists forensic examiners and practitioners in understanding the types of artefacts that are likely to remain on Windows machines and iOS and Android smartphones after using PaaS applications and also it helps these applications’ developers to make the applications more secure and users to know the security issues of these applications.

Preview Text FSKTM 2016 41 IR.pdf Download (1MB) | Preview

Actions (login required)

View Item