Ubuntu One Investigation: Detecting Evidences on Client Machines
This work addresses the need for digital forensic investigators to understand evidence storage in cloud services, though it is incremental as it focuses on a specific service.
The study investigated data remnants from Ubuntu One cloud service activities on client devices, identifying evidential artifacts such as databases, logs, memory traces, and network traffic across Windows, Mac OS X, and iOS platforms.
STorage as a Service (STaaS) cloud services has been adopted by both individuals and businesses as a dominant technology worldwide. Similar to other technologies, this widely accepted service can be misused by criminals. Investigating cloud platforms is becoming a standard component of contemporary digital investigation cases. Hence, digital forensic investigators need to have a working knowledge of the potential evidence that might be stored on cloud services. In this chapter, we conducted a number of experiments to locate data remnants of users' activities when utilizing the Ubuntu One cloud service. We undertook experiments based on common activities performed by users on cloud platforms including downloading, uploading, viewing, and deleting files. We then examined the resulting digital artifacts on a range of client devices, namely, Windows 8.1, Apple Mac OS X, and Apple iOS. Our examination extracted a variety of potentially evidential items ranging from Ubuntu One databases and log files on persistent storage to remnants of user activities in device memory and network traffic.