Investigating Storage as a Service Cloud Platform: pCloud as a Case Study
This work addresses the need for forensic examiners to handle cloud storage investigations, but it is incremental as it applies existing forensic methods to a specific service.
The study tackled the problem of investigating cloud storage platforms for forensic purposes by analyzing pCloud as a case study, identifying retrievable artifacts across multiple operating systems and web browsers.
Due to the flexibility, affordability and portability of cloud storage, individuals and companies envisage the cloud storage as one of the preferred storage media nowadays. This attracts the eyes of cyber criminals, since much valuable informa- tion such as user credentials, and private customer records are stored in the cloud. There are many ways for criminals to compromise cloud services; ranging from non-technical attack methods, such as social engineering, to deploying advanced malwares. Therefore, it is vital for cyber forensics examiners to be equipped and informed about best methods for investigation of different cloud platforms. In this chapter, using pCloud (an extensively used online cloud storage service) as a case study, and we elaborate on different kinds of artefacts retrievable during a forensics examination. We carried out our experiments on four different virtual machines running four popular operating systems: a 64 bit Windows 8, Ubuntu 14.04.1 LTS, Android 4.4.2, and iOS 8.1. Moreover, we examined cloud remnants of two different web browsers: Internet Explorer and Google Chrome on Windows. We believe that our study would promote awareness among digital forensic examiners on how to conduct cloud storage forensics examination.