Analysis of Evidence in Cloud Storage Client Applications on the Windows Platform

Rakesh Malik, Narasimha Shashidhar, Lei Chen

Research output: Contribution to book or proceedingChapter

Abstract

In the research proposed in this paper, we present an approach to conduct a simple forensic analysis of cloud client storage applications on a Windows 8.1 virtual machine, in order to find possible traces left on the system that indicate the use of the cloud storage client applications even after the application is deleted. Our analysis focuses on the locations where evidence can be gathered and on the different types of files that can constitute possible evidence. The aim of this work is to collect data remnants from different cloud client applications once the applications is installed; remove the application and look for data remnants. Finally, we try to recover files that may have been deleted from the storage space.

Original languageAmerican English
Title of host publicationProceedings of the International Conference on Security and Management
StatePublished - Jul 1 2015

Keywords

  • Windows forensics
  • cloud application artifacts
  • cloud storage forensics
  • data carving
  • data remnants
  • digital forensic investigations

DC Disciplines

  • Computer Sciences

Fingerprint

Dive into the research topics of 'Analysis of Evidence in Cloud Storage Client Applications on the Windows Platform'. Together they form a unique fingerprint.

Cite this