Computer Science, 2015, Vol. 42, Issue (Z11): 348-351.

• Information Security •

Digital Forensic Investigation in Cloud Storage

DONG Zhen-xing, ZHANG Qing and CHEN Long

  1. Institute of Computer Forensics, Chongqing University of Posts and Telecommunications, Chongqing 400065
  • Online: 2018-11-14 Published: 2018-11-14
  • Supported by:
    This work was supported by the National Social Science Foundation of China (14BFX156), the Natural Science Foundation of Chongqing (cstc2011jjA40031), and the Natural Science Program of the Chongqing Science and Technology Commission (cstc2011jjA1350).

Abstract: More and more users rely on cloud storage services to store or share their data. At the same time, a growing number of cases involve storing illegal information or stealing a company's confidential data through cloud storage services. Collecting complete and reliable evidence to prove that a cloud storage service was accessed has become an urgent problem. Taking the 360 cloud storage service as an example, this paper analyzes the regularities in where residual traces are stored after the cloud storage is accessed through a browser and/or client software, and presents a forensic analysis method for identifying user behavior. The method reconstructs a timeline of the user's actions by correlating logs with historical traces, and from this timeline analyzes the patterns in the user's data operations. The investigative approach and methods are also applicable to other cloud storage services in wide use today.

Key words: Cloud computing, Cloud storage, Digital forensics, User behavior analysis

