Cloud storage services are in widespread use within today’s digital society. Their use ranges from businesses and organizations, both small and large, to individual consumers for general-purpose storage. Digital forensics is concerned with gathering digital evidence that typically relates to a crime. Digital forensics procedures are relatively well established for storage devices that can be directly accessed. However, as cloud storage services are remote, they present significant challenges to existing digital forensics process models.
The paper attempts to address these challenges through a cloud forensic analysis framework. More specifically, it is the third in a series of experiments that considers the analysis of the data remnants on the Google Drive storage service (previous experiments considered SkyDrive and Dropbox). As such, the paper has the double benefit of outlining the seven steps of the authors’ generic framework and outlining the specific details associated with an analysis of the Google Drive storage device.
The research was conducted to examine the data remnants on both a Windows 7 personal computer (PC) and an Apple iPhone, which is important due to the increased use of portable mobile devices to access cloud storage services. Both the analysis of the PC and the iPhone are described thoroughly, with details of the tools used and detailed descriptions for each step of the framework. The paper concludes with a useful case study, which walks through the application of the framework to a realistic yet fictitious case. The case study considers realistic issues such as a live forensic investigation (that is, the PC is found running when the police enter the premises) and securing the iPhone in a Faraday bag (standard police practice). It will come as a relief to digital forensics practitioners that the authors report similar findings for each of the three cloud storage services investigated (Google Drive, SkyDrive, and Dropbox).
This paper is packed full of useful technical advice and details for anyone interested in the digital forensic analysis of cloud storage services. It is well written and set out in such a way that anyone with sufficient digital forensics knowledge could follow the authors’ instructions to repeat the experiment.
