CATCH: Cloud Data Acquisition through Comprehensive and Hybrid Approaches

Jihyeok Yang, Jieon Kim, Jewan Bang, Sangjin Lee, Jungheum Park

Research output: Contribution to journal › Article › peer-review

3 Citations (Scopus)

Abstract

With the development of Internet technology, cloud-based services have improved the availability and usability of resources. Among them, cloud storage services enable users to remotely store, access, or share data over a network. Therefore, digital forensic investigators need to collect data stored in remote servers to comprehensively understand a suspect's activities. Although several well-known commercial digital forensic tools provide features for cloud data acquisition in order to support this requirement, fewer studies have addressed whether they have full access to cloud resources and collect all the data as expected. In this regard, our findings from this work show that those commercial tools do not completely identify and collect data that are obviously available through dedicated clients (e.g., web browsers and desktop/mobile apps). In this paper, we propose an investigative framework, CATCH (Cloud Data Acquisition through Comprehensive and Hybrid Approaches), which is composed of four steps (Authentication, Exploration, Filtering, and Collection). CATCH collects authentication data to access cloud resources and then explores, filters, and collects all accessible metadata as well as contents from remote cloud servers by using Open and Internal APIs. To demonstrate our proposal, the CATCH framework is applied to collect a user's Microsoft OneDrive storage from digital forensics perspectives. We then evaluate data collection results generated from a self-developed tool based on the proposed framework, by comparing them to results from commercial digital forensic tools.

Original language: English
Article number: 301442
Journal: Forensic Science International: Digital Investigation
Volume: 43
Publication status: Published - 2022 Sept

Bibliographical note

Funding Information:
This work was supported by Police-Lab 2.0 Program (www.kipot.or.kr) funded by the Ministry of Science and ICT (MSIT, Korea) & Korean National Police Agency (KNPA, Korea). [Project Name: Research on Data Acquisition and Analysis for Counter Anti-Forensics / Project Number: 210121M07]

Publisher Copyright:
© 2022 The Author(s)

Keywords

  • Cloud forensics
  • Digital forensics
  • Online data
  • Selective data collection
  • Web APIs

ASJC Scopus subject areas

  • Pathology and Forensic Medicine
  • Information Systems
  • Computer Science Applications
  • Medical Laboratory Technology
  • Law
