CloudMe Forensics: A Case of Big-Data Investigation
This work addresses the problem of timely data extraction and analysis for digital forensic practitioners in cloud-enabled big data investigations, but it is incremental as it focuses on a specific service.
The paper tackled the challenge of handling large data volumes in cloud forensics by identifying residual artefacts from the CloudMe storage service, demonstrating types and locations related to installation, uninstallation, log-in, log-off, and file synchronization on desktop and mobile clients.
The issue of increasing volume, variety and velocity of has been an area of concern in cloud forensics. The high volume of data will, at some point, become computationally exhaustive to be fully extracted and analysed in a timely manner. To cut down the size of investigation, it is important for a digital forensic practitioner to possess a well-rounded knowledge about the most relevant data artefacts from the cloud product investigating. In this paper, we seek to tackle on the residual artefacts from the use of CloudMe cloud storage service. We demonstrate the types and locations of the artefacts relating to the installation, uninstallation, log-in, log-off, and file synchronisation activities from the computer desktop and mobile clients. Findings from this research will pave the way towards the development of data mining methods for cloud-enabled big data endpoint forensics investigation.