Leveraging Decentralization to Extend the Digital Evidence Acquisition Window: Case Study on Bittorrent Sync (original) (raw)
Related papers
File synchronization services such as Dropbox, Google Drive, Microsoft OneDrive, Apple iCloud, etc., are becoming increasingly popular in today's always-connected world. A popular alternative to the aforementioned services is BitTorrent Sync. This is a decentralized/cloudless file synchronization service and is gaining significant popularity among Internet users with privacy concerns over where their data is stored and who has the ability to access it. The focus of this paper is the remote recovery of digital evidence pertaining to files identified as being accessed or stored on a suspect's computer or mobile device. A methodology for the identification, investigation, recovery and verification of such remote digital evidence is outlined. Finally, a proof-of-concept remote evidence recovery from BitTorrent Sync shared folder highlighting a number of potential scenarios for the recovery and verification of such evidence.
High availability is no longer just a business continuity concern. Users are increasingly dependant on devices that consume and produce data in ever increasing volumes. A popular solution is to have a central repository which each device accesses after centrally managed authentication. This model of use is facilitated by cloud based file synchronisation services such as Dropbox, OneDrive, Google Drive and Apple iCloud. Cloud architecture allows the provisioning of storage space with ``always-on'' access. Recent concerns over unauthorised access to third party systems and large scale exposure of private data have made an alternative solution desirable. These events have caused users to assess their own security practices and the level of trust placed in third party storage services. One option is BitTorrent Sync, a cloudless synchronisation utility provides data availability and redundancy. This utility replicates files stored in shares to remote peers with access controlled by keys and permissions. While lacking the economies brought about by scale, complete control over data access has made this a popular solution. The ability to replicate data without oversight introduces risk of abuse by users as well as difficulties for forensic investigators. This paper suggests a methodology for investigation and analysis of the protocol to assist in the control of data flow across security perimeters.
BitTorrent Sync: Network Investigation Methodology
High availability is no longer just a business continuity concern. Users are increasingly dependant on devices that consume and produce data in ever increasing volumes. A popular solution is to have a central repository which each device accesses after centrally managed authentication. This model of use is facilitated by cloud based file synchronisation services such as Dropbox, OneDrive, Google Drive and Apple iCloud. Cloud architecture allows the provisioning of storage space with "always-on" access. Recent concerns over unauthorised access to third party systems and large scale exposure of private data have made an alternative solution desirable. These events have caused users to assess their own security practices and the level of trust placed in third party storage services.
Digital Forensics Study of a Cloud Storage Client: A Dropbox Artifact Analysis
CommIT (Communication and Information Technology) Journal
The rapid development of cloud storage technology paired with the prevalence of smartphone usage presents wide-ranging challenges for digital forensics practitioners. Data are more easily uploaded and shared between multiple devices and across multiple platforms. So, it has increased the opportunities for criminality. Criminality undertaken in cloud computing can be directly seen on logs stored on the cloud storage server, which records user activity. However, because of user privacy protection, these logs cannot be easily used as evidence in court. This issue emphasizes the need for a reliable means of identifying, acquiring, and preserving evidential data from the client-side. This study identifies the data artifacts of a user accessing Dropbox via smartphone (Android Lollipop and Android Nougat). The data are from performing several common activities such as installing, signing up, uploading, downloading, sharing, and others. About 14 artifacts are identified by documenting the D...
Digital Forensic and Distributed Evidence
Advances in Multidisciplinary and scientific Research Journal Publication
Digital Forensics investigation is the science and legal process of investigating computer/cybercrimes and digital media or objects to gather evidence. This new and fast evolving field encompasses computer forensics, network forensics, mobile forensics, cloud computing forensics, and IoT forensics; and for this reason have digital evidence distributed widely when the need arises for crime prosecution. Digital evidence must be authentic, accurate, complete, and convincing to the jury for legal admissibility at the court of law. In many instances due to the distributed nature of digital forensic evidence and the legal procedures to be adhered to in evidence gathering at a digital crime scene, presenting at the law courts have proven to be challenging and in some instances inadmissible. Following legal procedures in evidence gathering at a digital crime scene is critical for admissibility and prosecution. This paper aims to discuss digital forensics investigations jurisprudence in rela...
Digital Forensics Evidence Acquisition and Chain of Custody in Cloud Computing
2015
The new cloud computing concept delivers an adaptable service to many users. This is due to the fact that cloud computing offers an economic solution based on pay-per use idea. At the same time, digital forensics is a relatively new discipline born out due to the growing use of computing and digital solution. Digital forensics in cloud computing brings new technical and legal challenges (e.g. the remote nature of the evidence, trust required in the integrity and authenticity, and lack of physical access.) Digital forensics difficulties in cloud computing comprise acquisition of remote data, chain of custody, distributed and elastic data, big data volumes, and ownership. In the literature, there are many schemes that deal with these issues. In 2013, Hou et al. proposed a scheme to verify data authenticity and integrity in server-aided confidential forensic investigation. The authenticity and integrity are two essential requirements for the evidence admitted in court. The aim of this ...
Using Smartphones as a Proxy for Forensic Evidence contained in Cloud Storage Services
Hawaii International Conference on System Sciences (HICSS-46) , 2013
Cloud storage services such as Dropbox, Box and SugarSync have been embraced by both individuals and organizations. This creates an environment that is potentially conducive to security breaches and malicious activities. The investigation of these cloud environments presents new challenges for the digital forensics community.
Dropbox Forensics: Forensic Analysis of a Cloud Storage Service
international journal of engineering trends and technology, 2020
With the rising popularity of cloud storage and its ever-increasing versatility, many enterprises and individuals have jumped on the cloud bandwagon. This increased adoption of cloud storage had amplified the demand for cloud forensics, the cross-discipline between cloud computing and digital forensics. Cloud storage forensics is deemed the emerging challenge to digital forensic investigator since it allows an application on the local system to connect to the cloud storage and automate synching of files. When misused as a tool of crimes, investigators can expect to find evidence and traces of criminal activity in both local system and cloud providers. Forensic implications of Dropbox, an online cloud storage service with millions of users are the focus of this study. Dropbox client application on Windows 10 platform was examined and relevant valuable artifacts were presented.