Full title in original language:
Cybercrime investigation countermeasure using created-accessed-modified model in cloud computing environments
Education level:
University, University (18+ years)
Topic / subtopic:
Cybercrime / Cybercrime investigation
Target audience:
Students,
Teachers / Lecturers
Type of resource:
Publication / Article
Languages:
English
Region of relevance:
Global
Access:
restricted access: requiring payment
Individual authors:
Da-Yu Kao
Publication year:
2016
Published by:
The Journal of Supercomputing
Copyright holder:
© Springer US
Contact name and address:
Springer
Contact website:
Key themes:
cybercrime, cybercrime investigation, cloud, computing, cloud computing, cloud storage forensics, date-time stamp, event timeline, digital evidence, crime reconstruction, cybercrime countermeasure
Links:
Short description:
Cyber offenders spread their influence as fast as the Internet and cloud computing develop. Cloud computing enhances challenges in collecting and analyzing digital evidence in a cybercrime investigation. Research on cloud storage forensics is scarce to obtain evidence or analyze metadata. This study proposes a time-based investigation in a complex cloud environment. Establishing timeline information using date-time stamps could help when the law enforcement agents investigate cloud-related crime. Some experiments are observed from three users (creator, coauthor and browser), four computers and five file operation processes (file created, file accessed, file modified, file shared, and file downloaded). This study presents a novel cybercrime investigation countermeasure using a created-accessed-modified (CAM) model to improve the effectiveness of forensic analysis. This may have implications when examiners analyze hard disks or when a user has synchronized files from a cloud account prior to computer seizure. The countermeasure methodology is potentially useful for evidentiary datasets and investigations.