Digital Forensic Analysis of Devices Containing Cloud Software Applications


Ka Chun Chiu


Mohammad Husain, Assistant Professor, California State Polytechnic University, Pomona

Until recently, law enforcement officials analyzed only the local storage (hard disk, memory) of a confiscated device to extract digital evidence pertaining to the crime being investigated. Now, with the proliferation of software applications with cloud storage support, such as Dropbox, law enforcement officials face a significant challenge when collecting forensic evidence. For example, these applications allow data to be stored on a device, in the cloud, or both, while allowing the user to access and modify the data from multiple devices. Therefore, developing a new forensic methodology to support extraction from devices containing applications with cloud support is crucial in the fight against cyber-crime. To extract the data correctly, each provider requires a different approach; this research focuses on Dropbox, Google Drive, SkyDrive and Evernote. For example, Dropbox files are all encrypted and therefore need to be processed by a proper decryption technique. Afterwards, it is necessary to understand the format of the data, because the data are shared. To improve the efficiency of this application, it is important to trace deleted data from the cloud, because many cloud applications, such as Google Drive and SkyDrive, have cache files that contain data about the cloud. All deleted data can be discovered by comparing the cache files and log files from each cloud application. The goal of this research is to study the challenges in digital evidence extraction and identify potential techniques to overcome them.
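An added example (not part of the original abstract) of the cache-versus-log comparison described above. The cache table layout, the log line format and all sample records are constructed assumptions and do not reflect any provider's real on-disk format.

```python
import re
import sqlite3

# Constructed sample data. The table layout and log line format are
# assumptions for illustration, not any provider's real on-disk format.
CACHE_ROWS = [("id-001", "/Reports/q1.xlsx"), ("id-003", "/Photos/site.jpg")]
SYNC_LOG = """\
2014-02-01 09:12:03 CREATE id-001 /Reports/q1.xlsx
2014-02-01 09:15:40 CREATE id-002 /Reports/ledger.xlsx
2014-02-02 18:01:11 CREATE id-003 /Photos/site.jpg
2014-02-03 07:45:00 RENAME id-002 /Reports/old-ledger.xlsx
2014-02-03 07:46:19 DELETE id-002 /Reports/old-ledger.xlsx
2014-02-04 11:30:52 CREATE id-004 /Notes/contacts.txt
corrupted line without the expected fields
"""
LOG_RE = re.compile(r"^(\S+ \S+) (CREATE|RENAME|DELETE) (\S+) (.+)$")

def load_cache(rows):
    """Build an in-memory stand-in for a client cache database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE entry (item_id TEXT PRIMARY KEY, path TEXT)")
    db.executemany("INSERT INTO entry VALUES (?, ?)", rows)
    return db

def parse_log(text):
    """Return {item_id: [(timestamp, action, path), ...]}, skipping bad lines."""
    history = {}
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ts, action, item_id, path = m.groups()
            history.setdefault(item_id, []).append((ts, action, path))
    return history

def find_deleted(db, history):
    """Items the log knows about that the cache no longer lists."""
    cached = {r[0] for r in db.execute("SELECT item_id FROM entry")}
    findings = []
    for item_id, events in sorted(history.items()):
        if item_id in cached:
            continue
        ts, action, path = events[-1]  # last event gives the last known path
        # An explicit DELETE is logged; otherwise the removal is only inferred.
        basis = "logged delete" if action == "DELETE" else "missing from cache"
        findings.append((item_id, path, ts, basis))
    return findings
```

Calling `find_deleted(load_cache(CACHE_ROWS), parse_log(SYNC_LOG))` returns one tuple per item that appears in the log but not in the cache, marking whether the deletion was logged explicitly or only inferred from its absence.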

