Study of Digital Forensics on Google
Cloud Platform
Aaron Sanders
Casey Aniceto
Samuel Borthwick
Department of Computer and Information Technology, IUPUI
CIT 56200 - Mobile and Network Forensics
Introduction
Literature Review
Case Study
Forensics Process
Results
Conclusions
Future Work
Exhibit
Literature Review
• Introduction to the cloud
• Cloud forensics process
• Legal Challenges
Intro to the cloud
Cloud Computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Cloud Forensics Process Timeline
• Incident is identified
• Agent contacts the cloud service provider (CSP) and makes the request for data
• Cloud technician returns the data in accordance with the warrant
• Examination of potential evidence
  • Autopsy
  • FTK
• Reports and presentation to a jury for a court decision
Challenges
• Technical disconnect between judges and lawyers
• Establishing trust in the integrity of tools and methods
• Maintaining chain of custody
  • Hash verification
• Data collection
  • Location of data, CSP, encrypted data
• Accurate time synchronization for audit logs
Legal Challenges
When beginning an investigation on a cloud service, these are questions that must be answered:
Can you collect the data yourself?
Which jurisdiction applies?
Can you compel the disclosure of data?
What tools or techniques are available for compelling information?
Case Study
1. A user has been identified as distributing malicious code that captures and stores users' private credit card information
2. An IP address has been detected and was used to determine that the system is potentially running on a Google Cloud Platform server in Council Bluffs, Iowa
3. A law enforcement agent is assigned to collect evidence, uncover whether illegal activity was performed through the use of Google Cloud, and present the findings
Forensics Process
• With the IP address 23.251.149.22 handed over to investigators, an IP lookup can be conducted.
• Tool used: https://www.iplocation.net/ip-lookup
• The results provide some valuable information as to where the suspect computer is possibly located.
Forensics Process
Tools we can use to potentially gain access to, or collect data from, the machine are the following:
• Warrant
  Request access to the machine with the corresponding IP address, using the information gathered from the IP lookup.
• Preservation Letters or Litigation Holds
  Temporarily suspend the defendant's ability to delete resources relating to the suspect machine.
Forensics Process
• GCP Compute Engine
• The crdhost instance's external IP of 23.251.149.22 was identified
• Key features of the VM instance were identified
Forensics Process
• GCP provided access to the VM instance log file
• The JSON log of the VM instance was collected
• Identified the google-sudoers group user aarsande
• Identified the email accounts of users of the VM instance
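What the log step above amounts to in practice is pulling account facts out of a pile of JSON entries: who was created, who was put in google-sudoers (root-equivalent on a GCE Debian image), which e-mail identities appear, and which logins succeeded, each with a timestamp for the timeline. The following is an added example, not code from the presentation or from Google; the log entries are constructed to resemble Cloud Logging records with a textPayload or jsonPayload field, the usernames other than aarsande, the e-mail address and the SSH client address are made up, and the guest-agent message wording is assumed. It accepts both a JSON array (as an export often looks) and newline-delimited JSON.

```python
import json
import re

# Constructed sample log (not a real capture): a JSON array of entries shaped
# loosely like Cloud Logging records. aarsande is the account named on the slide;
# every other name, address and key fragment is illustrative.
SAMPLE_LOG_ARRAY = json.dumps([
    {"timestamp": "2020-11-20T14:02:11Z", "resource": {"type": "gce_instance"},
     "textPayload": "google_guest_agent: Creating user aarsande."},
    {"timestamp": "2020-11-20T14:02:12Z", "resource": {"type": "gce_instance"},
     "textPayload": "google_guest_agent: Adding user aarsande to group google-sudoers."},
    {"timestamp": "2020-11-20T14:05:40Z", "resource": {"type": "gce_instance"},
     "textPayload": "google_guest_agent: Creating user casanice."},
    {"timestamp": "2020-11-20T14:05:41Z", "resource": {"type": "gce_instance"},
     "textPayload": "google_guest_agent: Adding user casanice to group google-sudoers."},
    {"timestamp": "2020-11-20T14:06:02Z", "resource": {"type": "gce_instance"},
     "jsonPayload": {"message": "ssh-keys metadata: aarsande:ssh-ed25519 AAAAC3... aarsande@example.com"}},
    {"timestamp": "2020-11-20T14:07:19Z", "resource": {"type": "gce_instance"},
     "textPayload": "sshd[812]: Accepted publickey for aarsande from 198.51.100.7 port 51022 ssh2"},
])

# The same entries as newline-delimited JSON, the other shape a log export commonly takes.
SAMPLE_LOG_NDJSON = "\n".join(json.dumps(e) for e in json.loads(SAMPLE_LOG_ARRAY))

# Message patterns are assumptions about the guest agent / sshd wording, not a spec.
CREATE_RE = re.compile(r"Creating user (\S+)")
GROUP_RE = re.compile(r"Adding user (\S+) to group (\S+)")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SSH_RE = re.compile(r"Accepted \w+ for (\S+) from (\S+)")


def parse_log(text):
    """Load either a JSON array of entries or newline-delimited JSON (one entry per line)."""
    text = text.strip()
    if text.startswith("["):
        return json.loads(text)
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def message_of(entry):
    """Return the human-readable message, whichever payload field carries it."""
    if "textPayload" in entry:
        return entry["textPayload"]
    payload = entry.get("jsonPayload") or {}
    return payload.get("message", "")


def extract_accounts(entries):
    """Summarise accounts, google-sudoers grants, e-mail identities and SSH logins,
    and build a sorted (timestamp, action, detail) timeline for the report."""
    summary = {"created": [], "sudoers": {}, "emails": set(), "ssh_logins": [], "timeline": []}
    for entry in entries:
        ts = entry.get("timestamp", "")
        msg = message_of(entry).rstrip(".")  # drop the sentence-ending period so \S+ stays clean
        m = CREATE_RE.search(msg)
        if m:
            summary["created"].append(m.group(1))
            summary["timeline"].append((ts, "user-created", m.group(1)))
        m = GROUP_RE.search(msg)
        if m and m.group(2) == "google-sudoers":
            summary["sudoers"].setdefault(m.group(1), ts)  # keep the first grant time
            summary["timeline"].append((ts, "sudoers-granted", m.group(1)))
        for email in EMAIL_RE.findall(msg):
            summary["emails"].add(email)
        m = SSH_RE.search(msg)
        if m:
            summary["ssh_logins"].append((ts, m.group(1), m.group(2)))
            summary["timeline"].append((ts, "ssh-login", f"{m.group(1)} from {m.group(2)}"))
    summary["emails"] = sorted(summary["emails"])
    summary["timeline"].sort()
    return summary


if __name__ == "__main__":
    report = extract_accounts(parse_log(SAMPLE_LOG_ARRAY))
    for ts, action, detail in report["timeline"]:
        print(ts, action, detail)
    print("sudoers:", report["sudoers"])
    print("emails:", report["emails"])
```

The timeline is sorted by the provider's timestamps, which is why the slide's point about accurate time synchronization matters: if the guest clock and the logging clock disagree, the order of "user created", "sudoers granted" and "login" can come out wrong.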
Forensics Process
• Created a file to store the vmdk image on GCP to preserve the VM's data
• GCP charges the owner of the cloud resource a fee for the image service
• Ran the imaging process without taking the VM instance offline
• Was able to download the vmdk image
Forensics Process
• The downloaded vmdk image was used in Autopsy
• Selected the source as the "Disk Image or VM File" option
• Received a "Failed to add data source" error
• Analysis of the vmdk image was unsuccessful in its current format
Forensics Process
• Changed the vmdk image format to raw image format using FTK Imager
• Data was unchanged and preserved in the conversion
• MD5 hash and SHA1 hash verification was a match
• The raw image was used for the forensic analysis
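The hash verification above is the chain-of-custody check that makes the converted image usable as evidence: the digests FTK Imager records at acquisition must be reproduced over the data after conversion and transfer. The following is an added example, not the presentation's or AccessData's code: it streams a file through MD5 and SHA1 in one pass (so a multi-gigabyte image never has to fit in memory), compares the result against an acquisition record with a constant-time, case-insensitive comparison, flags any algorithm the record lists that was not computed, and runs a round trip on a constructed payload standing in for the image.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK_SIZE = 1024 * 1024  # read in 1 MiB chunks; full images are far too large to hold at once


def _digests():
    return {"md5": hashlib.md5(), "sha1": hashlib.sha1()}


def hash_bytes(data):
    """Hex MD5 and SHA1 of an in-memory byte string (small artifacts, test vectors)."""
    hs = _digests()
    for h in hs.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hs.items()}


def hash_file(path):
    """Hex MD5 and SHA1 of a file, both computed in a single streaming pass."""
    hs = _digests()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            for h in hs.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hs.items()}


def verify_hashes(actual, expected):
    """Compare computed digests with the acquisition record.
    Every algorithm in the record must be present and must match; hex case and stray
    whitespace in the record are tolerated; the comparison is constant-time.
    Returns a dict that can be pasted into the examiner's notes."""
    errors = []
    for algo, want in expected.items():
        got = actual.get(algo)
        if got is None:
            errors.append(f"{algo}: no digest computed")
        elif not hmac.compare_digest(got.lower().encode(), want.strip().lower().encode()):
            errors.append(f"{algo}: mismatch (expected {want.strip()}, got {got})")
    return {"match": not errors, "errors": errors}


def demo_roundtrip():
    """Write a constructed 'image', record its digests at acquisition, copy it (standing in
    for the conversion step) and verify the copy; also confirm a one-byte change is caught."""
    payload = b"constructed disk image payload " * 4096  # sample bytes, not a real image
    with tempfile.TemporaryDirectory() as d:
        acquired = os.path.join(d, "acquired.bin")
        converted = os.path.join(d, "converted.raw")
        with open(acquired, "wb") as f:
            f.write(payload)
        record = hash_file(acquired)  # the digests an imaging tool would log at acquisition
        with open(acquired, "rb") as src, open(converted, "wb") as dst:
            for chunk in iter(lambda: src.read(CHUNK_SIZE), b""):
                dst.write(chunk)
        ok = verify_hashes(hash_file(converted), record)
        tampered = verify_hashes(hash_bytes(payload + b"\x00"), record)
        return ok["match"] and not tampered["match"]


if __name__ == "__main__":
    print("round-trip verification OK" if demo_roundtrip() else "VERIFICATION FAILED")
```

One caveat worth keeping in the notes: the hash of the vmdk file as a file is not expected to equal the hash of the raw file, because the container format differs. What must agree is the digest of the imaged data that the acquisition tool reports, which is what this check compares.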
Forensics Process
• Analysis of the raw image found 2 pieces of evidence connected to the case
  • Data.csv file contained first and last name, DOB, address, credit card information, and the PIN to the credit cards
  • main.html text document had fillable forms for First Name, Last Name, Date of Birth, Address, Credit Card Number, and 3 Digit PIN
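Once a file like Data.csv is recovered, the examiner still has to establish that the "credit card information" column really holds card numbers rather than arbitrary digits, and has to record that finding without copying full PANs into the report. The following is an added example, not code from the presentation: it parses a constructed CSV in the shape described on the slide (the card numbers are publicly documented test numbers or deliberately invalid ones, the names and addresses are made up), normalizes spacing and dashes, applies the Luhn mod-10 check that payment card numbers satisfy, identifies the column(s) that are mostly valid PANs, and masks them for the notes.

```python
import csv
import io
import re

# Constructed sample in the shape of the Data.csv described on the slide. The card
# numbers are well-known test numbers (or deliberately invalid), not real accounts.
SAMPLE_CSV = """first_name,last_name,dob,address,card_number,pin
Alice,Example,1980-01-02,"1 Example St, Anytown",4111111111111111,123
Bob,Sample,1975-05-06,"2 Sample Ave, Anytown",5500 0000 0000 0004,456
Carol,Test,1990-09-10,"3 Test Rd, Anytown",1234567812345678,789
Dan,Demo,1985-03-04,"4 Demo Ln, Anytown",4111-1111-1111-1111,321
"""

SEPARATORS = re.compile(r"[\s-]")


def normalize_pan(value):
    """Strip spaces and dashes; return the digits only if the length is plausible for a PAN (13-19)."""
    digits = SEPARATORS.sub("", value.strip())
    if digits.isdigit() and 13 <= len(digits) <= 19:
        return digits
    return None


def luhn_valid(digits):
    """Luhn mod-10 check: double every second digit from the right, subtract 9 if over 9, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits):
    """Keep the issuer prefix and last four; the report should never carry full PANs."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def triage_csv(text, threshold=0.5):
    """Identify which columns hold Luhn-valid card numbers and summarise the records.
    A column qualifies when at least `threshold` of its non-empty values are valid PANs,
    so a few malformed or mistyped rows do not hide the column."""
    rows = list(csv.DictReader(io.StringIO(text)))
    columns = list(rows[0].keys()) if rows else []
    pan_columns, masked, valid = [], [], 0
    for col in columns:
        values = [r[col] for r in rows if r.get(col)]
        hits = [normalize_pan(v) for v in values]
        hits = [h for h in hits if h and luhn_valid(h)]
        if values and len(hits) / len(values) >= threshold:
            pan_columns.append(col)
            valid += len(hits)
            masked.extend(mask_pan(h) for h in hits)
    return {"records": len(rows), "pan_columns": pan_columns, "valid_pans": valid, "masked": masked}


if __name__ == "__main__":
    result = triage_csv(SAMPLE_CSV)
    print(f"{result['records']} records; PAN columns: {result['pan_columns']}; "
          f"{result['valid_pans']} Luhn-valid numbers")
    for m in result["masked"]:
        print("  ", m)
```

The DOB and PIN columns are rejected on length alone, and Carol's row fails Luhn, so the summary reports three valid numbers in the one card column out of four records; that ratio, not the raw row count, is what the report should cite.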
Results
Tracked down the IP of the suspected system
Gained access to the suspected system's GCP Compute Engine
Obtained host information
Created a vmdk image from the GCP
Created a raw image from the vmdk image using FTK Imager
Completed the forensic analysis of the suspected system using Autopsy
Found evidence of stolen credit card information and the webpage used by the virtual machine
Conclusions
• Creating a VM instance on the GCP required intricate steps
• The GCP provided utilities to manage the VM instance
• Creating a vmdk image from the GCP VM instance will charge the owner of the VM for the service - Beware
• A vmdk image from the GCP did not work for us on Autopsy
• FTK Imager can change the format of other image types
• Using the principles of the forensics process, we were able to apply a similar approach to conducting cloud forensics
Future Work
● Cloud providers to create a 'Forensics as a Service' product for investigators
● Create agreed-upon guidelines and compliance standards for cloud platforms
● Create a Cloud Forensics Certification
Any Questions?
Except from Jason B.

  • 2. Introduction Literature Review Case Study Forensics Process Results Conclusions Future Work Exhibit
  • 3. Literature Review • Introduction to the cloud • Cloud forensics process • Legal Challenges
  • 4. Intro to the cloud Cloud Computing is a model for enabling ubiquitous, convenient, on- demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.
  • 5. Cloud Forensics Process Timeline • Incident is identified • Agent contacts cloud service provider (CSP) and makes the request for data • Cloud technician returns data in accordance to warrant • examination of potential evidence • Autopsy • FTK • Reports and presentation to a jury for court decision Challenges • technical disconnect between judges and lawyers • establishing trust in the integrity of tools and methods • Maintaining chain of custody • Hash verification • Data collection • location of data, CSP, encrypted data • Accurate time synchronization for audit logs
  • 6. Legal Challenges When beginning an investigation on a cloud service, these are questions that must be answered: Can you collect the data yourself? Which jurisdiction applies? Can you compel the disclosure of data? What tools or techniques are available for compelling information?
  • 7. Case Study 1. A user has been identified to distribute malicious code to capture and store users’ private credit card information 2. An IP address has been detected and was used to discover it’s potentially running on the Google Cloud Platform in its Council Bluffs, Iowa server 3. Law Enforcement Agent assigned to collect evidence and uncover if illegal activity was performed through the use of Google Cloud and present findings
Forensics Process
• With the IP address handed over to investigators, 23.251.149.22, an IP lookup can be conducted.
• Tool used: https://www.iplocation.net/ip-lookup
• The lookup results give useful information about where the suspect computer is possibly located (IP geolocation resolves to the hosting provider's region, not to a street address).
Forensics Process
Legal tools that can be used to gain access to, or collect data from, the machine:
• Warrant: request access to the machine with the corresponding IP address, using the information gathered from the IP lookup.
• Preservation letters or litigation holds: temporarily suspend the defendant's ability to delete resources relating to the suspect machine.
Forensics Process
• GCP Compute Engine
• The instance crdhost with external IP 23.251.149.22 was identified
• Key features of the VM instance were identified
Forensics Process
• GCP provided access to the VM instance log file
• A JSON log of the VM instance was collected
• Identified a google-sudoers group user, aarsande
• Identified the email accounts of users of the VM instance
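As an added example (not part of the original slides and not Google tooling), the following Python script shows the triage an examiner would run over an exported JSON log like the one collected on this slide: it parses Cloud Logging entries in JSON-lines form, pulls the principal email, API method and caller IP out of Compute Engine audit entries, and picks the google-sudoers membership out of guest-agent syslog lines. The entries, project name, emails and IPs are constructed, and the exact wording of the guest-agent message is an assumption; the audit-log field names (protoPayload.authenticationInfo.principalEmail, methodName, requestMetadata.callerIp, resourceName) follow the Cloud Audit Logs schema.

```python
import json
import re
from collections import defaultdict

# Constructed sample: four Cloud Logging entries in the JSON-lines shape that a
# log export or a `gcloud logging read --format=json` style dump produces.
# Project, instance id, emails, IPs and the guest-agent message text are made up.
SAMPLE_LOG = r'''
{"timestamp":"2020-11-10T14:02:11.513Z","logName":"projects/example-proj/logs/cloudaudit.googleapis.com%2Factivity","resource":{"type":"gce_instance","labels":{"instance_id":"1234567890","zone":"us-central1-a"}},"protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"aarsande@example.edu"},"methodName":"v1.compute.instances.insert","resourceName":"projects/example-proj/zones/us-central1-a/instances/crdhost","requestMetadata":{"callerIp":"203.0.113.7"}}}
{"timestamp":"2020-11-10T14:05:40.002Z","logName":"projects/example-proj/logs/syslog","resource":{"type":"gce_instance","labels":{"instance_id":"1234567890","zone":"us-central1-a"}},"textPayload":"Nov 10 14:05:40 crdhost google_guest_agent[612]: Adding user aarsande to group google-sudoers."}
{"timestamp":"2020-11-10T14:07:15.880Z","logName":"projects/example-proj/logs/cloudaudit.googleapis.com%2Factivity","resource":{"type":"gce_instance","labels":{"instance_id":"1234567890","zone":"us-central1-a"}},"protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"caniceto@example.edu"},"methodName":"v1.compute.instances.setMetadata","resourceName":"projects/example-proj/zones/us-central1-a/instances/crdhost","requestMetadata":{"callerIp":"198.51.100.9"}}}
{"timestamp":"2020-11-10T14:09:02.110Z","logName":"projects/example-proj/logs/cloudaudit.googleapis.com%2Fdata_access","resource":{"type":"gce_instance","labels":{"instance_id":"1234567890","zone":"us-central1-a"}},"protoPayload":{"@type":"type.googleapis.com/google.cloud.audit.AuditLog","authenticationInfo":{"principalEmail":"aarsande@example.edu"},"methodName":"v1.compute.instances.get","resourceName":"projects/example-proj/zones/us-central1-a/instances/crdhost","requestMetadata":{"callerIp":"203.0.113.7"}}}
'''

# The guest-agent wording is an assumption for this example; adjust to the real line.
SUDOERS_RE = re.compile(r"Adding user (\S+?) to group google-sudoers")


def parse_entries(text):
    """Parse a JSON-lines export. A malformed line is an error, not silently
    dropped: the examiner must know if part of the evidence did not parse."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            entries.append(json.loads(line))
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno}: not valid JSON ({exc})") from exc
    return entries


def summarize(entries):
    """Who touched the instance, from which IPs, which instance, who got sudo,
    and the time span covered by the log."""
    principals = defaultdict(set)
    caller_ips = defaultdict(set)
    sudoers, instances, stamps = set(), set(), []
    for e in entries:
        stamps.append(e.get("timestamp", ""))
        pp = e.get("protoPayload") or {}
        email = (pp.get("authenticationInfo") or {}).get("principalEmail")
        if email:
            principals[email].add(pp.get("methodName", "?"))
            ip = (pp.get("requestMetadata") or {}).get("callerIp")
            if ip:
                caller_ips[email].add(ip)
        rn = pp.get("resourceName", "")
        if "/instances/" in rn:
            instances.add(rn.rsplit("/instances/", 1)[1].split("/")[0])
        m = SUDOERS_RE.search(e.get("textPayload", ""))
        if m:
            sudoers.add(m.group(1))
    stamps = sorted(s for s in stamps if s)   # RFC 3339 with Z sorts chronologically
    return {
        "principals": {k: sorted(v) for k, v in principals.items()},
        "caller_ips": {k: sorted(v) for k, v in caller_ips.items()},
        "sudoers": sorted(sudoers),
        "instances": sorted(instances),
        "span": (stamps[0], stamps[-1]) if stamps else (None, None),
    }


if __name__ == "__main__":
    summary = summarize(parse_entries(SAMPLE_LOG))
    for email, methods in summary["principals"].items():
        print(email, "from", summary["caller_ips"].get(email), "->", methods)
    print("google-sudoers:", summary["sudoers"], "instances:", summary["instances"], summary["span"])
```

The caller IPs are the pivot back to the warrant: they tie a Google account to a network location at a time, and the span shows whether the collected log actually covers the period of interest.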
Forensics Process
• Created a file on GCP to store the VMDK image, to preserve the VM's data
• GCP charges the owner of the cloud resource a fee for the image export service
• Ran the imaging process without taking the VM instance offline (imaging a running disk can capture an inconsistent filesystem state; imaging with the VM stopped avoids this)
• Was able to download the VMDK image
Forensics Process
• The downloaded VMDK image was loaded into Autopsy
• Selected the "Disk Image or VM File" data source option
• Autopsy returned a "failed to add data source" error
• Analysis of the VMDK image was unsuccessful in that format
Forensics Process
• Converted the VMDK image to raw image format using FTK Imager
• The data was unchanged and preserved in the conversion
• MD5 and SHA1 hashes computed over the source data and over the written raw image matched
• The raw image was used for the forensic analysis
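The conversion-plus-verification step on this slide, as an added example in Python (not FTK Imager's code and not from the original slides): the script reads a VMDK descriptor, streams its flat extents into a raw image while hashing the source bytes, then re-hashes the written image and reports whether the two match, which is what a hash verification after conversion establishes. It handles only FLAT extents and refuses sparse ones, since those use grain tables that a real converter should parse. The two-extent descriptor and the extent contents are constructed in memory.

```python
import hashlib
import io
import re

SECTOR = 512
# One extent line of a VMDK descriptor: <access> <sectors> <type> "<file>" [<offset>]
EXTENT_RE = re.compile(
    r'^(RW|RDONLY|NOACCESS)\s+(\d+)\s+(FLAT|SPARSE|VMFS|VMFSSPARSE)\s+"([^"]+)"(?:\s+(\d+))?',
    re.MULTILINE,
)


def parse_descriptor(text):
    """Return the extent table of a VMDK descriptor, in order."""
    extents = [
        {"access": a, "sectors": int(n), "type": t, "file": f, "offset": int(off or 0)}
        for a, n, t, f, off in EXTENT_RE.findall(text)
    ]
    if not extents:
        raise ValueError("descriptor has no extent lines")
    return extents


def new_digests():
    return {"md5": hashlib.md5(), "sha1": hashlib.sha1()}


def vmdk_to_raw(descriptor_text, open_extent, out):
    """Stream every FLAT extent into `out`; return MD5/SHA1 of the bytes read
    from the source. The caller hashes `out` separately to verify."""
    h = new_digests()
    for ext in parse_descriptor(descriptor_text):
        if ext["type"] != "FLAT":
            # Sparse/VMFS extents have their own on-disk layout (grain tables);
            # hand those to a real converter rather than guessing.
            raise NotImplementedError(f"{ext['type']} extent {ext['file']!r} not handled here")
        remaining = ext["sectors"] * SECTOR
        with open_extent(ext["file"]) as src:
            src.seek(ext["offset"] * SECTOR)
            while remaining:
                chunk = src.read(min(1 << 20, remaining))
                if not chunk:
                    raise ValueError(f"extent {ext['file']!r} is short by {remaining} bytes")
                for d in h.values():
                    d.update(chunk)
                out.write(chunk)
                remaining -= len(chunk)
    return {k: d.hexdigest() for k, d in h.items()}


def hash_stream(fobj):
    h = new_digests()
    for chunk in iter(lambda: fobj.read(1 << 20), b""):
        for d in h.values():
            d.update(chunk)
    return {k: d.hexdigest() for k, d in h.items()}


def hash_bytes(data):
    return hash_stream(io.BytesIO(data))


def convert_and_verify(descriptor_text, open_extent):
    """Convert, re-hash the written image, and report whether the two match."""
    out = io.BytesIO()
    source = vmdk_to_raw(descriptor_text, open_extent, out)
    written = hash_bytes(out.getvalue())
    return {"verified": source == written, "source": source, "written": written,
            "raw": out.getvalue()}


# Constructed two-extent flat VMDK held in memory (descriptor text plus the flat
# extent files); a real image would be opened from disk instead.
SAMPLE_DESCRIPTOR = '''# Disk DescriptorFile
version=1
CID=fffffffe
parentCID=ffffffff
createType="twoGbMaxExtentFlat"

# Extent description
RW 4 FLAT "crdhost-f001.vmdk" 0
RW 2 FLAT "crdhost-f002.vmdk" 0

# The Disk Data Base
ddb.virtualHWVersion = "4"
'''
SAMPLE_EXTENTS = {
    "crdhost-f001.vmdk": b"first,last,card\nAlice,Doe,4111111111111111\n".ljust(4 * SECTOR, b"\0"),
    "crdhost-f002.vmdk": b'<form><input name="card"></form>\n'.ljust(2 * SECTOR, b"\0"),
}


def open_sample_extent(name):
    return io.BytesIO(SAMPLE_EXTENTS[name])


if __name__ == "__main__":
    r = convert_and_verify(SAMPLE_DESCRIPTOR, open_sample_extent)
    print(len(r["raw"]), "bytes written; verified:", r["verified"], r["written"])
```

For a real export, open_extent would open the extent files that sit next to the descriptor, and both hash sets would be recorded in the examiner's notes. For sparse VMDKs, `qemu-img convert -f vmdk -O raw` is a common alternative to FTK Imager, followed by the same re-hash of the output.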
Forensics Process
• Analysis of the raw image found two pieces of evidence connected to the case
• Data.csv contained first and last names, dates of birth, addresses, credit card numbers, and the PIN for each card
• main.html was a web page with fillable form fields for First name, Last name, Date of Birth, Address, Credit Card Number, and 3-digit PIN
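An added example (not from the original slides) of how the card data in a file like Data.csv can be located directly in the raw image, without waiting for filesystem parsing: it carves 13- to 19-digit runs, keeps only those with a recognised issuer prefix that pass the Luhn check, and separately extracts the input field names from any HTML form in the image, which is how a capture page like main.html shows up. The 16 KiB sample image, the CSV rows and the form are constructed; the card numbers are the standard public test numbers (4111 1111 1111 1111 and similar), not real cards.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens, bounded by non-digits.
PAN_RE = re.compile(rb"(?<![0-9])(?:[0-9][ -]?){12,18}[0-9](?![0-9])")
INPUT_NAME_RE = re.compile(rb'<input\b[^>]*\bname\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def luhn_ok(digits):
    """Luhn mod-10 check over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                 # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def brand(d):
    """Issuer from prefix and length; None means 'not a card-shaped number'."""
    n = len(d)
    if d[0] == "4" and n in (13, 16, 19):
        return "visa"
    if n == 16 and (51 <= int(d[:2]) <= 55 or 2221 <= int(d[:4]) <= 2720):
        return "mastercard"
    if n == 15 and d[:2] in ("34", "37"):
        return "amex"
    if n == 16 and (d.startswith("6011") or d[:2] == "65"):
        return "discover"
    return None


def carve_pans(data):
    """Find card numbers anywhere in a bytes-like image; return offset, brand,
    masked PAN, full PAN and a little surrounding context per hit."""
    hits = []
    for m in PAN_RE.finditer(data):
        digits = re.sub(rb"[ -]", b"", m.group(0)).decode("ascii")
        br = brand(digits)
        if br is None or len(set(digits)) == 1 or not luhn_ok(digits):
            continue                    # timestamps, all-zero fields, typos
        start = max(data.rfind(b"\n", 0, m.start()) + 1, m.start() - 60)
        end = data.find(b"\n", m.end())
        end = len(data) if end == -1 else end
        end = min(end, m.end() + 20)
        hits.append({
            "offset": m.start(),
            "brand": br,
            "masked": digits[:6] + "*" * (len(digits) - 10) + digits[-4:],
            "pan": digits,
            "context": data[start:end].decode("latin-1", "replace"),
        })
    return hits


def form_fields(data):
    """Names of <input> elements in any HTML that survives in the image."""
    return [n.decode("latin-1") for n in INPUT_NAME_RE.findall(data)]


def build_sample_image():
    """Constructed 16 KiB 'raw image': a Data.csv-like file, a capture form, and a
    log line with 16-digit runs that are not cards, all padded with zero bytes."""
    csv = (b"first,last,dob,address,card,pin\n"
           b"Alice,Doe,1980-01-02,1 Main St,4111 1111 1111 1111,123\n"
           b"Bob,Roe,1975-05-06,2 Oak Ave,5500-0000-0000-0004,456\n"
           b"Carol,Poe,1990-09-10,3 Elm Rd,378282246310005,789\n"
           b"Dan,Moe,1985-03-04,4 Pine Ln,4111111111111112,000\n")   # fails Luhn
    html = (b'<form method="post" action="/save"><input name="first_name">'
            b'<input name="last_name"><input type="text" name="card_number">'
            b'<input name="pin" maxlength="3"></form>\n')
    noise = b"ts=1605016931000000 id=0000000000000000 ok\n"
    img = bytearray(16 * 1024)
    for off, blob in ((4096, csv), (8192, html), (12288, noise)):
        img[off:off + len(blob)] = blob
    return bytes(img)


if __name__ == "__main__":
    image = build_sample_image()
    for h in carve_pans(image):
        print(f"0x{h['offset']:06x} {h['brand']:<10} {h['masked']}  | {h['context']}")
    print("form fields:", form_fields(image))
```

On a multi-gigabyte image, pass an mmap of the file rather than reading it into memory; the regex works on any bytes-like object. The masked form is what goes into the report; the full PAN stays in the evidence file.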
Results
• Tracked down the IP address of the suspect system
• Gained access to the suspect system's GCP Compute Engine instance
• Obtained host information
• Created a VMDK image from GCP
• Converted the VMDK image to a raw image using FTK Imager
• Completed the forensic analysis of the suspect system using Autopsy
• Found evidence of stolen credit card information and the web page the virtual machine used to collect it
Conclusions
• Creating a VM instance on GCP required intricate steps
• GCP provided utilities to manage the VM instance
• Creating a VMDK image from a GCP VM instance charges the owner of the VM for the service: beware
• A VMDK image exported from GCP did not work for us in Autopsy
• FTK Imager can convert images of other formats to raw
• Using the principles of the forensics process, we were able to apply a similar approach to conducting cloud forensics
Future Work
• Cloud providers should create a "Forensics as a Service" product for investigators
• Create agreed-upon guidelines and compliance requirements for cloud platforms
• Create a cloud forensics certification
References
• AccessData. (2020, November 23). FTK Imager. https://accessdata.com/products-services/forensic-toolkit-ftk/ftkimager
• Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001. (2001, October 26). https://www.congress.gov/107/plaws/publ56/PLAW-107publ56.pdf
• Austin, D. (2019, July 19). Cloud Data is Within Defendant's Possession, Custody and Control, Court Rules: eDiscovery Case Law. eDiscovery Daily Blog, CloudNine. www.ediscovery.co/ediscoverydaily/electronic-discovery/cloud-data-within-defendants-possession-custody-control-court-rules-ediscovery-case-law/
• Autopsy Digital Forensics. (2020, November 5). Autopsy. https://www.autopsy.com/
• Bill West, D. C. (2019, June 20). How Are Cloud Computing and Data Centers Related? Connectria. https://www.connectria.com/blog/how-are-cloud-computing-and-data-centers-related/
• Cauthen, J. (2014, October 7). Executing Search Warrants in the Cloud. FBI Law Enforcement Bulletin. Retrieved November 2, 2020, from https://leb.fbi.gov/articles/featured-articles/executing-search-warrants-in-the-cloud
• David Willson, A. a. (2013). Legal Issues of Cloud Forensics. Global Knowledge. http://www.mcrinc.com/Documents/Newsletters/201402_Legal_Issues_of_Cloud_Forensics.pdf
• Lillis, D., Becker, B. A., O'Sullivan, T., & Scanlon, M. (2016). Current Challenges and Future Research Areas for Digital Forensic Investigation. CDFSL Proceedings 2016. https://markscanlon.co/papers/CurrentChallengesAndFutureResearchAreas.pdf
• Debian. (2020, November 23). Debian. https://www.debian.org/
• Dykstra, J., & Sherman, A. (2012, August 2). Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques. Retrieved November 2, 2020, from https://www.sciencedirect.com/science/article/pii/S1742287612000266
• Federal Bureau of Investigation. (2020, November 23). Cyber Crime. https://www.fbi.gov/investigate/cyber
• Google. (2020, November 1). Google Cloud. https://cloud.google.com/gcp/
• James, M., & Szewczyk, P. (2017). Jurisdictional Issues in Cloud Forensics. https://www.cscan.org/openaccess/?id=362
• Keyun Ruan, J. C. (2013). Cloud Computing Reference Architecture and Its Forensics Implications: A Preliminary Analysis. Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 1-21.
• IP Location. (2018, December 20). How accurate is IP-based Geolocation Lookup? iplocation.net. https://www.iplocation.net/geolocation-accuracy
• Miller, R. (2019, December 3). Google Building More Data Centers for Massive Future Clouds. Data Center Frontier. https://datacenterfrontier.com/google-building-more-data-centers-for-massive-future-clouds/#:~:text=The%20search%20leader%20is%20expanding,and%20one%20in%20South%20America.
• Miyachi, C. (2018). What is "Cloud"? It is time to update the NIST definition? IEEE Cloud Computing, 1-6.
• National Institute of Standards and Technology. (2011, September 28). SP 800-145: The NIST Definition of Cloud Computing. https://csrc.nist.gov/publications/detail/sp/800-145/final#pubs-abstract-header
• Henry, P., Williams, J., & Wright, B. (2013, July). The SANS Survey of Digital Forensics and Incident Response. Technical report.
• Remy, J. (n.d.). White Paper: Cloud-Based Data Collection & Analysis: A NW3C Best Practices Guide. Retrieved November 2, 2020, from https://www.magnetforensics.com/resources/cloud-data-collection-analysis-nw3c/
• Saurav, N., & Raymond, H. (2016). Forensics as a Service: Three-tier Architecture for Cloud based Forensic Analysis. https://www.academia.edu/27421815/Forensics_as_a_Service_Three_tier_Architecture_for_Cloud_based_Forensic_Analysis
• Search and Seizure Warrant. (2013). United States Courts. Retrieved November 24, 2020, from https://www.uscourts.gov/forms/law-enforcement-grand-jury-and-prosecution-forms/search-and-seizure-warrant
• Simou, S., Kalloniatis, C., Gritzalis, S., & Mouratidis, H. (2016, November 8). A survey on cloud forensics challenges and solutions. Wiley Online Library. https://onlinelibrary.wiley.com/doi/full/10.1002/sec.1688
• Spectre Intelligence. (2019, December 23). Federal Rules of Evidence and How it Applies to Cloud Forensics Examinations. https://www.spectreintel.com/federal-rules-of-evidence-and-how-it-applies-to-cloud-forensics/
• Weiwei Kong, Y. L. (2018). Data security and privacy information challenges in cloud computing. International Journal of Computational Science and Engineering, 215-218.