Collecting digital evidence through end-device in cloud computing / Siti Nur Edayu Hashim

Cloud computing is a platform for many people to store their files in the cloud storage. By having this platform, it enable users to access their personal files or even share their files to anyone wherever they are and whenever they want. Due to the easy access factor the cloud storage is opened to a high security risk. There are a lot of storage services available in cloud computing and every services faces different issue in collecting forensic digital evidence .There are a few problem that would occur when collecting the evidence such as Data Acquisition problem and log data acquisition problem. This paper emphasis on how end-device can act as a proxy to cloud storage services and to provide a residual data of evidence in cloud storage. This paper focuses on the extraction of potential evidence on the end device by using DD command for obtaining the image of the end device storage. The image obtain would be use in the Autopsy tools for evidence extraction. This paper give an explanation about the result obtain by two different cloud storage (Dropbox and Google Drive) and two different end devices. Throughout the experiment on this research paper, investigator able to extract residual evidence on the end user side by obtaining the evidence 86% of the evidence from end-device that have access to the cloud storage application.