Abstract
In the research proposed in this paper, we present an approach to conduct a simple forensic analysis of cloud client storage applications on a Windows 8.1 virtual machine, in order to find possible traces left on the system that indicate the use of the cloud storage client applications even after the application is deleted. Our analysis focuses on the locations where evidence can be gathered and on the different types of files that can constitute possible evidence. The aim of this work is to collect data remnants from different cloud client applications once the applications is installed; remove the application and look for data remnants. Finally, we try to recover files that may have been deleted from the storage space.
Original language | American English |
---|---|
Title of host publication | Proceedings of the International Conference on Security and Management |
State | Published - Jul 1 2015 |
Keywords
- Windows forensics
- cloud application artifacts
- cloud storage forensics
- data carving
- data remnants
- digital forensic investigations
DC Disciplines
- Computer Sciences