•  
  •  
 

Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)

Abstract

File synchronization services such as Dropbox, Google Drive, Microsoft OneDrive, Apple iCloud, etc., are becoming increasingly popular in today’s always-connected world. A popular alternative to the aforementioned services is BitTorrent Sync. This is a decentralized/cloudless file synchronization service and is gaining significant popularity among Internet users with privacy concerns over where their data is stored and who has the ability to access it. The focus of this paper is the remote recovery of digital evidence pertaining to files identified as being accessed or stored on a suspect’s computer or mobile device. A methodology for the identification, investigation, recovery and verification of such remote digital evidence is outlined. Finally, a proof-of-concept remote evidence recovery from BitTorrent Sync shared folder highlighting a number of potential scenarios for the recovery and verification of such evidence.

References

Association of Chief Police Officers. (2011). ACPO Good Practice Guide for Digital Evidence. http://www.acpo.police.uk/documents/crime/2011/ 201110-cba-digital-evidence-v5.pdf.

Chung, H., Park, J., Lee, S., & Kang, C. (2012). Digital forensic investigation of cloud storage services. Digital investigation, 9 (2), 81–95.

Dropbox Inc. (2014, April). Dropbox company information. https://www.dropbox.com/ news/company-info.

Duranti, L., Pan, W., Rowe, J., & Barlaoura, G. (2013). Records in the Cloud (RiC). Farina, J., Scanlon, M., & Kechadi, M.-T. (2014). ”BitTorrent Sync: First Impressions and Digital Forensic Implications”. Digital Investigation, 11 (S1), S77 - S86. Retrieved from http://www.sciencedirect.com/ science/article/pii/S1742287614000152 doi: http://dx.doi.org/10.1016/j.diin.2014.03.010

Federici, C. (2014). Cloud data imager: A unified answer to remote acquisition of cloud storage areas. Digital Investigation, 11 (1), 30 - 42. Retrieved from http://www.sciencedirect.com/science/ article/pii/S174228761400005X doi: http://dx.doi.org/10.1016/j.diin.2014.02.002

Grispos, G., Glisson, W. B., & Storer, T. (2013). Using Smartphones as a Proxy for Forensic Evidence Contained in Cloud Storage Services. 2013 46th Hawaii International Conference on System Sciences, 0 , 4910-4919. doi: http://doi.ieeecomputersociety.org/10.1109/

HICSS.2013.592Hoog, A., & Strzempka, K. (2011). iPhone and iOS Forensics: Investigation, Analysis and Mobile Security for Apple iPhone, iPad and iOS Devices.

Elsevier. Kenneally, E. E. (2005). Confluence of digital evidence and the law: on the forensic soundness of live-remote digital evidence collection. UCLA JL & Tech., 2005 , 5–6.

Quick, D. (2012). Forensic Analysis of Cloud Storage Client Data. Unpublished master’s thesis, University of South Australia, Adelaide, Australia.

Quick, D., & Choo, K.-K. R. (2013). Forensic collection of cloud storage data: Does the act of collection result in changes to the data or its metadata? Digital Investigation, 10 (3), 266 - 277. Retrieved from http://www.sciencedirect.com/science/ article/pii/S1742287613000741 doi: http://dx.doi.org/10.1016/j.diin.2013.07.001

Scanlon, M., Farina, J., & Kechadi, M.-T. (2014, September). Bittorrent sync: Network investigation methodology. In Proceedings of Ninth International Conference on Availability, Reliability and Security (ARES 2014). Fribourg, Switzerland: IEEE.

Scanlon, M., & Kechadi, M.-T. (2010). Online acquisition of digital forensic evidence. In S. Goel (Ed.), Digital forensics and cyber crime (Vol. 31, p. 122-131). Springer Berlin Heidelberg. Retrieved from http://dx.doi.org/10.1007/ 978-3-642-11534-9 12 doi: 10.1007/978-3-642-11534-9 12

Zdziarski, J. (2008). iPhone Forensics: Recovering Evidence, Personal Data, and Corporate Assets. O’Reilly Media.

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.