MSc Project - Cloud Forensics
As the title says I am currently in the very early stages of my MSc Computer Forensics project and would like to gather some information from professionals and experts within the field of computer forensics.
Project title - An Investigation into digital evidence artefacts resulting from the use of cloud services with an added focus on Amazon Web Services, Google Cloud Platform and Microsoft Azure on Windows 10 Operating System
Project Aims - To Investigate the suspected use of Cloud Service Providers (CSPs), specifically Amazon Web Services, Google Cloud Platform and Microsoft Azure on Windows 10 to ascertain what digital artefacts are left behind to be used within a digital forensic investigation.
- Research any Windows 10 applications that are available for the cloud service providers which will include research into their storage locations on the operating file system and any indications of use by a user. This list is not exhaustive.
- Formulate and create a simulation space on a Windows 10 operating system using the applications that have been discovered and researched as well as any web portals to generate evidential artefacts from an "average joe" use of these services.
- Evaluate the results of the simulations and test from previous objective using software specifically designed for the forensic analysis of forensically sound disk images while following forensic guidelines and procedures.
- Create a guide to assist law enforcement that is dealing with cloud forensics investigations within a private or corporate space in Windows 10.
I am still trying to scope out exactly where I am looking to go with this or what rabbit hole to tumble down and have been reading into the subject. Most research papers for these services provide insights into the challenges of evidence acquisition within the cloud or conducting live forensics within the cloud environment but I am as of yet to come across papers that look exclusively at what can be discovered locally from these services (If you know of a blog/paper/etc that covers this I would very grateful if you could share).
My question is then, have any of you had experience with these CSPs during your line of work in terms of dead forensics and what were your learning experiences?
I would also be grateful for any other information you can share around this topic.
Thank you in advanced,