Digital Forensics: Challenges and Trends
Added on 2020/03/16
AI Summary
The assignment delves into the complexities of cloud forensics, examining key issues such as data retention policies, jurisdiction challenges, and the impact of evolving technologies on forensic investigations. It also discusses best practices for evidence collection and analysis in cloud environments, emphasizing the importance of collaboration between law enforcement, cloud providers, and forensic experts.
Running head: FORENSIC REPORT
Forensic Report
Name of the Student
Name of the University
Author Note
Table of Contents
Executive Summary
Introduction
Scope of Engagement
Summary of Findings
Analysis
Legal and Ethical Considerations
Findings
Conclusion
Executive summary
The rise of computer systems has made new kinds of evidence available to any investigator, who now seeks to establish whether an offender has utilized computer systems to facilitate an offence. However, there are various drawbacks even though the evidence is present. The volume of data is one challenge. In addition, as users become more savvy, more sophisticated methods are found to make the life of examiners harder, by hiding and destroying vital data. For instance, Google is quite helpful to users seeking ways to distance themselves from proof of any wrongdoing. On the other hand, operating systems and computers are highly complex systems, and there are various exceptions to every process utilized to eradicate evidence. Thus it is still common for these methods not to be fully successful. The following article analyzes a case of theft of intellectual property where the suspect was caught with false allegations of stealing electronic documents.
Introduction
I was appointed to a case in which a large corporate entity had received a resignation letter from one of its senior employees, who had decided to commence work with a competitor organization. He was a much respected executive manager and an exemplary employee within the organization. Like the other executives, he had been issued an external USB storage device for saving documents related to the operational activities of the organization. He was reported to work from outside the office premises many times, for which he needed a portable storage device to store that information. “This executive was expected to work away from the office from time to time and as a result, he needed the ability to have a portable storage device. This of itself was no cause for alarm for the business and was considered standard operating procedure”.
After the resignation of the executive manager, the senior manager decided to review the executive's laptop computer as a matter of process, to cross-check and confirm whether the executive had sent any confidential or sensitive information to his new employer. He also wanted to know whether the executive had stolen data or manipulated it unlawfully. He wanted to confirm that his data was safe and that no manipulation had been done to it.
Considering these facts, an executive from the organization went to the executive's apartment and collected the equipment related to the storage device and the laptop computer on which he used to save data and carry out operational activities related to the work environment.
Scope of Engagement:
The scope of the digital forensic investigation is as follows: I was provided with the executive's laptop computer and the storage device that he had been using all the time, for a thorough forensic investigation. All the computers issued by the organization ran the Windows XP operating system using the NTFS file system.
Summary of Findings
Certain files relating to the organization had been deleted after the senior executive resigned to join the competitor organization, and it is probable that the senior executive had exchanged sensitive information with their employees.
Analysis
The investigation started with an examination of the forensic image of the external USB device that was recovered from the executive. It was noted that the device had already been formatted by the executive at a date prior to the collection of the devices, and the forensic image was of no use as no user files were stored on the drive. The process of formatting the external device
does not actually delete all the data; rather, it creates a new series of files in place of those that were present before the formatting took place. The data that was saved earlier on the external USB device could still reside in the unallocated area of the same disk.
While formatting an external storage device, Microsoft Windows prepares the media by writing a series of system files to the drive that help the operating system store data and files and organize them on the disk. The file written in this process is called the MFT (Master File Table). It records information about the directories and files that have been saved, including the file name, the date of creation and where the file resides. All of these entries are made in the MFT.
The following screenshot provides an overview of the types of information that can be found in the MFT:
Figure: Type of information we can expect to find
(Source: Created by Author)
The header of the MFT entry, “FILE0”, is clear, along with the filename, “helpinstall_english.7zip”. Quickly scrolling through these files indicated “old” data in the unallocated space; however, initially it was very difficult to find this “humanly readable” text. Subsequent analysis with the software tool was aimed at revealing whether there were
any previous files on the storage device in common formats such as MS Word, Adobe Reader or Microsoft Office. The organization replied that it was using a Microsoft Office version prior to 2010, so there was no need to be concerned with files or documents created in the new Office Open XML format. In particular, an attempt was made to search for files containing the hexadecimal bytes “D0 CF 11 E0 A1 B1 1A E1” for Office files and “25 50 44 46” for Adobe Acrobat files. In addition, an attempt was made to search for Lotus Notes databases (bytes 1A 00 00 04 00 00), as the organization was using Lotus Notes for its email service, and for archive files such as RAR (bytes 52 61 72 21 1A 07 00) and ZIP (bytes 50 4B 03 04). As nothing had been found up to this point, an attempt was made to find files with the extensions “doc”, “xls”, “pdf”, “ppt” and many more. Hundreds of instances of filename entries were found. It was noted that each of the “filename entries existed in, what appeared to be, entries in a previously deleted MFT. The MFT is structured in a
particular way and consists of a series of entries in the following segments”
Strategic Information
File/directory name
Index/data
Unused space
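The signature search described above can be sketched as follows. This is an added example, not code from the original report or from the tool the examiner used: `scan_image`, `build_sample_image`, the labels and the sector-alignment flag are assumptions of the example, while the byte patterns are the ones quoted in the text. It reads the image in chunks with an overlap so that a signature straddling a chunk boundary is not missed.

```python
import io

# Byte patterns exactly as quoted in the report.
SIGNATURES = {
    "ole2_office": bytes.fromhex("D0CF11E0A1B11AE1"),  # pre-2010 Office files
    "pdf": bytes.fromhex("25504446"),                  # "%PDF"
    "lotus_notes": bytes.fromhex("1A0000040000"),
    "rar": bytes.fromhex("526172211A0700"),
    "zip": bytes.fromhex("504B0304"),
    "mft_entry": b"FILE0",                             # MFT entry header
}


def scan_image(stream, chunk_size=1 << 20, sector_size=512):
    """Return sorted (offset, label, sector_aligned) hits found in a raw image.

    File content and MFT entries start on sector boundaries, so an aligned
    hit is a stronger candidate than a short pattern found mid-sector.
    """
    overlap = max(map(len, SIGNATURES.values())) - 1
    tail, pos, hits = b"", 0, []
    while chunk := stream.read(chunk_size):
        window = tail + chunk
        start = pos - len(tail)          # absolute offset of window[0]
        for label, sig in SIGNATURES.items():
            idx = window.find(sig)
            while idx != -1:
                # Hits lying wholly inside the tail were reported last round.
                if idx + len(sig) > len(tail):
                    off = start + idx
                    hits.append((off, label, off % sector_size == 0))
                idx = window.find(sig, idx + 1)
        tail = window[-overlap:]
        pos += len(chunk)
    return sorted(hits)


def build_sample_image():
    """Constructed 8-sector buffer standing in for unallocated space."""
    img = bytearray(8 * 512)
    img[1024:1032] = SIGNATURES["ole2_office"]   # sector 2, aligned
    img[2048:2053] = b"%PDF-"                    # sector 4, aligned
    img[3000:3004] = SIGNATURES["zip"]           # mid-sector: embedded or noise
    img[3072:3077] = SIGNATURES["mft_entry"]     # sector 6, aligned
    return bytes(img)


if __name__ == "__main__":
    for off, label, aligned in scan_image(io.BytesIO(build_sample_image())):
        note = "sector-aligned" if aligned else "unaligned, weaker candidate"
        print(f"{off:#08x}  sector {off // 512:>3}  {label:<12} {note}")
```

Short patterns such as the four-byte ZIP and PDF signatures match by chance in large images, which is why the alignment flag is reported with every hit.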
Following is the structure of the MFT:
Figure 2: MFT Structure
(Source: http://www.cs.bgu.ac.il/~os042/assignments/Ex3/NTFS_background.html)
For the purposes of this case study, it is sufficient to understand that the following relevant
information is stored in the “data block” of the MFT entry:
1. The file creation date, stored as a 64 bit Little Endian format number. For example,
the hex bytes 40 29 AF 60 6C 50 C7 01 would decode to 14 February 2007 at 19:41
hours UTC time;
2. The date and time that a file was modified, again stored as a 64 bit Little Endian
value; and
3. The date and time that the MFT entry relating to this particular file was last changed.
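The three timestamps listed above can be read out of a recovered MFT entry as shown in this added example, which is not code from the original report. It assumes the standard NTFS layout of the file-name attribute ($FILE_NAME, type 0x30); `parse_mft_record` and `build_sample_record` are names chosen here, and the sample record is constructed around the file name and creation-time bytes quoted in the text.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
ATTR_FILE_NAME, ATTR_END = 0x30, 0xFFFFFFFF
SAMPLE_CREATED = bytes.fromhex("4029AF606C50C701")  # bytes quoted in the report


def filetime_to_utc(raw):
    """Decode 8 little-endian bytes: 100 ns ticks since 1601-01-01 UTC."""
    (ticks,) = struct.unpack("<Q", raw)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_mft_record(rec):
    """Return file name, three timestamps and in-use flag of one MFT entry.

    Update-sequence fixups are not applied: they only replace the last two
    bytes of each 512-byte sector, which the attribute read here does not
    reach in the sample record.
    """
    if rec[:4] != b"FILE":
        raise ValueError("missing FILE signature")
    first_attr, flags = struct.unpack_from("<HH", rec, 0x14)
    out = {"in_use": bool(flags & 0x0001)}   # flag clear = deleted entry
    off = first_attr
    while off + 0x18 <= len(rec):
        atype, alen = struct.unpack_from("<II", rec, off)
        if atype == ATTR_END or alen < 0x18 or off + alen > len(rec):
            break  # end marker or corrupt length: stop instead of looping
        if atype == ATTR_FILE_NAME and rec[off + 8] == 0:  # resident attribute
            clen, coff = struct.unpack_from("<IH", rec, off + 0x10)
            body = rec[off + coff:off + coff + clen]
            if len(body) >= 0x42:
                nchars = body[0x40]
                name = body[0x42:0x42 + 2 * nchars]
                out["name"] = name.decode("utf-16-le", "replace")
                # Content layout: parent ref (8 bytes), then the timestamps.
                for i, key in enumerate(("created", "modified", "mft_changed")):
                    out[key] = filetime_to_utc(body[8 + 8 * i:16 + 8 * i])
        off += alen
    return out


def build_sample_record():
    """Constructed 1024-byte entry for a deleted file (not case data)."""
    (ticks,) = struct.unpack("<Q", SAMPLE_CREATED)
    later = struct.pack("<Q", ticks + 864_000_000_000)  # constructed: +1 day
    name = "helpinstall_english.7zip".encode("utf-16-le")
    body = struct.pack("<Q", 5) + SAMPLE_CREATED + later * 3
    body += bytes(16) + struct.pack("<II", 0x20, 0)
    body += bytes([len(name) // 2, 1]) + name
    alen = (0x18 + len(body) + 7) & ~7       # attributes are 8-byte aligned
    attr = struct.pack("<IIBBHHHIHBB", ATTR_FILE_NAME, alen, 0, 0, 0, 0, 0,
                       len(body), 0x18, 1, 0) + body
    header = b"FILE" + struct.pack("<HHQHHHHIIQH", 0x30, 3, 0, 1, 1, 0x38, 0,
                                   0x38 + alen + 8, 1024, 0, 1)
    rec = header.ljust(0x38, b"\0") + attr.ljust(alen, b"\0")
    return (rec + struct.pack("<I", ATTR_END)).ljust(1024, b"\0")


if __name__ == "__main__":
    for key, value in parse_mft_record(build_sample_record()).items():
        print(f"{key:12} {value}")
```

Run on the bytes quoted above, `filetime_to_utc` returns 14 February 2007, 19:14:41 UTC.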
Legal and ethical considerations
Permission has been granted by the organization to access the devices, including the
storage device and the laptop computer.
By the NSW Police: the senior manager has stated the ownership of the laptop and USB
storage.
These operations are lawfully approved.
Findings
Another attempt was made to analyse the laptop computer provided by the senior executive, where various files that could be related to the case were found in the recycle bin. Large video files were found with entries named like “De785.mpg”, together with Adobe Acrobat and Microsoft Office files under names such as “De621.doc”.
Several actions take place when a user deletes data that was saved on the external USB device. In Windows XP, on a disk drive formatted with the NTFS file system, dragging and dropping a file into the recycle bin involves the following steps: firstly, the file is “moved to the recycle bin by the operating system and when the user tries to clean the data saved in the recycle bin, the file is renamed using the convention ‘d’ + drive letter of origin + unique index number. For example the file name ‘De785.mpg’ means the file was emptied from the recycle bin it originally existed on the ‘E’ drive and was provided with the index number ‘785’”.
Computer systems tag every external storage device or drive with a unique drive letter. From personal experience, a portable hard disk drive connected to a computer is mainly assigned one of the drive letters “E”, “F” or “G”.
The following list of events can be stated after the investigation of the files that might have been deleted:
The hard disk drive was provided to the executive for official purposes.
As per the evidence found after recovering the files, it can be concluded that the senior executive who had been using the USB hard drive copied several thousand files from the file server, which was provided for corporate use only, onto the USB portable hard disk drive.
All the business-related files had already been deleted from the portable device that was provided for the investigation, and the evidence was drawn out by the investigation. The biggest files had been in the recycle bin and no longer existed, but traces relating to Adobe Acrobat and Microsoft Office type files were present on the computer.
After the deletion of business related files from the USB hard disk drive, “a single video file was copied onto the drive many multiples of times to overwrite the data contained in the previously deleted business related files”. The evidence developed by the investigation was data related to that same video file, still present in the unallocated portion of the portable device that was presented.
As stated earlier, the files had been deleted and the portable device did not contain any files that could help the investigation. This falls into the category of evidence that no longer existed on the device but was recovered from the MFT files.
The MFT was helpful in recovering files that had been deleted a day before the device was received.
Conclusion
Based on the above report, it can be concluded that the investigation was successful on the basis of digital technology. However, some further investigation is needed to interrogate the senior executive in order to confirm that he committed treason against the organization. This report thoroughly researched the data that was transferred using the USB external drive.