±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35894
New Yesterday: 0 Visitors: 151

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

HELP for thesis in cloud forensics

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2 
  

Ibernato
Member
 

Re: HELP for thesis in cloud forensics

Post Posted: Jul 18, 19 14:27

- steve862
Hi,

As with the above comments your thesis needs to be much more clearly defined, with a clear set of objectives and for an intended audience. You should significantly reduce the range of topics you are considering. The Cloud is a massive subject without getting into a discussion of the Windows registry.

You might consider a more targetted approach and one of the starting points might be looking at the legislation around cloud data being collected by law enforcement agencies in the country in which you reside/study, or it could be a number of other counties. From there you could look at the quantities of data in the various cloud services that would not be found on a suspect's devices. Establishing a determination as to whether a crime is being adequatately investigated if no cloud data is being collected.

There are options of how cloud data should be collected and by whom. How do these people become trained and qualified to collect this data and what tools, processes, contemp notes should exist. How many people would be needed and where would they fit into the law enforcement agencies. Should they be a separate technical entity apart from the investigations team or part of it. How would they verify they are accessing the correct accounts, i.e. what level of checks and balances need to be in place.

You could look at the traditional digital forensic examination process and determine the artefacts that would demonstrate the use of cloud services. You could establish a list of clear indicators that data is being manually synchronised with a cloud service versus automatically sychronised. You could determine user settings and preferences and perhaps the evidence that synchronisation services had been turned on or off and when. Such artefacts might well exist and you could identify these and publish your findings. Extensive test sets would be needed and youd have to limit the number of cloud services and device types in your study.

Any one of those three suggestions is plenty for a Master's. You wouldn't need to be doing all three. With each of the three above there are plenty of further questions I could have added.

I'm not sure your planned approach of creating a simulated cloud service will provide much real-world relevance. I think you would be better placed looking at actual cloud services in use. This would particularly be the case with mobile devices where the cloud access is linked to the services' own installed app.

This has the potential to be a very interesting topic for the community. Done well it would be a positive contribution to the community if you were to share it once completed. In some countries law enforcement agencies are starting to collect cloud data on a more routine basis but others are not. It's early days for cloud forensics.

I'm guessing fom your posts English is not your first language. If that is the case I hope the advice being given makes sense.

Steve


Yes, i'm italian.
I know that the cloud is different from the virtual machine and that it doesn't make sense. Unfortunately I can't simulate in a real cloud environment.

Mine is not a research thesis, but a normal thesis.

What is your advice?
Examine the artifacts of various cloud services? (dropbox, drive, etc.)?

Examine the artifacts of a smartphone?  
 
  

trewmte
Senior Member
 

Re: HELP for thesis in cloud forensics

Post Posted: Jul 18, 19 21:30

- Ibernato
Hi guys,
I should do a master's thesis on cloud forensics.


1) What is the time frame you have to complete the work and thesis?
2) What research have you carried out to-date on this subject?
3) Have you read papers by others that focussed their thesis on forensics and the cloud?


I have a large library on cloud forensics. The type of research mentioned at 2/3 (above) that I am referring, is as follows. The list below is a small sample I compiled from my library based upon the description of the MSc thesis that you gave:

Cloud network forensic (2011)
Cloud-Based-Cyber-Physical-Systems-in-Manufacturing (2018)
Cloud-Computing-and-Security-Third-International-Conference-ICCCS-2017-Nanjing-China-June-16-18-2017-Revised-Selected-Papers-Part-I.pdf
Cloud-Computing-and-Security-Third-International-Conference-ICCCS-2017-Nanjing-China-June-16-18-2017-Revised-Selected-Papers-Part-II.pdf
Cloud-Storage-Forensics (2014)
Contemporary-Digital-Forensic-Investigations-of-Cloud-and-Mobile-Applications (2017)
Digital-Forensics-for-Network-Internet-and-Cloud-Computing-A-Forensic-Evidence-Guide-for-Moving-Targets-and-Data (2010)
Security, privacy and digital forensics in the cloud (2019)
VMSSS: A Proposed Model for Cloud Forensic in Cloud Computing Using VM Snapshot Server (2019)
An Advanced Forensic Readiness Model for the Cloud Environment (2016)
Cloud Forensics: A Meta-Study of Challenges, Approaches, and Open Problems (2013)

ETSI TR 102 997 V1.1.1 (2010-04)
Initial analysis of standardization requirements for Cloud services

ETSI TR 103 690 V1.1.1 (2012-02)
Lawful Interception (LI); eWarrant Interface

Draft ETSI DTR 101 567 V0.1.0 (2012-05)
Lawful Interception (LI); Cloud/Virtual Services (CLI)

ISO/IEC 17788:2014 1st Information technology -- Cloud computing -- Overview and vocabulary JTC1/SC38
_________________
Institute for Digital Forensics (IDF) - www.linkedin.com/groups/2436720
Mobile Telephone Examination Board (MTEB) - www.linkedin.com/groups/141739
Universal Network Investigations - www.linkedin.com/groups/13536130
Mobile Telephone Evidence & Forensics trewmte.blogspot.com 
 
  

Ibernato
Member
 

Re: HELP for thesis in cloud forensics

Post Posted: Jul 20, 19 13:14

I changed my thesis.
You can close this thread.  
 
  

jaclaz
Senior Member
 

Re: HELP for thesis in cloud forensics

Post Posted: Jul 20, 19 13:58

- Ibernato
I changed my thesis.
You can close this thread.


And - out of curiosity - which is the new one's topic?

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 

Page 2 of 2
Page Previous  1, 2