-
Digital Footprints of Streaming Devices
Authors:
Sundar Krishnan,
William Bradley Glisson
Abstract:
These days, there are many ways to watch streaming videos on television. When compared to a standalone smart television, streaming devices such as Roku and Amazon Fire Stick have a plethora of app selections. While these devices are platform agnostic and compatible with smartphones, they can still leave behind crumbs of sensitive data that can cause privacy, security, and forensic issues. In this…
▽ More
These days, there are many ways to watch streaming videos on television. When compared to a standalone smart television, streaming devices such as Roku and Amazon Fire Stick have a plethora of app selections. While these devices are platform agnostic and compatible with smartphones, they can still leave behind crumbs of sensitive data that can cause privacy, security, and forensic issues. In this paper, the authors conduct an experiment with streaming devices to ascertain digital footprints from network traffic and mobile forensics that they leave behind.
△ Less
Submitted 9 February, 2024;
originally announced February 2024.
-
A Digital Forensics Investigation of a Smart Scale IoT Ecosystem
Authors:
George Grispos,
Frank Tursi,
Raymond Choo,
William Mahoney,
William Bradley Glisson
Abstract:
The introduction of Internet of Things (IoT) ecosystems into personal homes and businesses prompts the idea that such ecosystems contain residual data, which can be used as digital evidence in court proceedings. However, the forensic examination of IoT ecosystems introduces a number of investigative problems for the digital forensics community. One of these problems is the limited availability of…
▽ More
The introduction of Internet of Things (IoT) ecosystems into personal homes and businesses prompts the idea that such ecosystems contain residual data, which can be used as digital evidence in court proceedings. However, the forensic examination of IoT ecosystems introduces a number of investigative problems for the digital forensics community. One of these problems is the limited availability of practical processes and techniques to guide the preservation and analysis of residual data from these ecosystems. Focusing on a detailed case study of the iHealth Smart Scale ecosystem, we present an empirical demonstration of practical techniques to recover residual data from different evidence sources within a smart scale ecosystem. We also document the artifacts that can be recovered from a smart scale ecosystem, which could inform a digital (forensic) investigation. The findings in this research provides a foundation for future studies regarding the development of processes and techniques suitable for extracting and examining residual data from IoT ecosystems.
△ Less
Submitted 12 September, 2021;
originally announced September 2021.
-
Investigating 3D Printer Residual Data
Authors:
Daniel Bradford Miller,
Jacob Gatlin,
William Bradley Glisson,
Mark Yampolskiy,
Jeffrey Todd McDonald
Abstract:
The continued adoption of Additive Manufacturing technologies is raising concerns in the security, forensics, and intelligence gathering communities. These concerns range from identifying and mitigating compromised devices, to theft of intellectual property, to sabotage, to the production of prohibited objects. Previous research has provided insight into the retrieval of configuration information…
▽ More
The continued adoption of Additive Manufacturing technologies is raising concerns in the security, forensics, and intelligence gathering communities. These concerns range from identifying and mitigating compromised devices, to theft of intellectual property, to sabotage, to the production of prohibited objects. Previous research has provided insight into the retrieval of configuration information maintained on the devices, but this work shows that the devices can additionally maintain information about the print process. Comparisons between before and after images taken from an AM device reveal details about the device's activities, including printed designs, menu interactions, and the print history. Patterns in the storage of that information also may be useful for reducing the amount of data that needs to be examined during an investigation. These results provide a foundation for future investigations regarding the tools and processes suitable for examining these devices.
△ Less
Submitted 22 January, 2019;
originally announced January 2019.
-
A Bleeding Digital Heart: Identifying Residual Data Generation from Smartphone Applications Interacting with Medical Devices
Authors:
George Grispos,
William Bradley Glisson,
Peter Cooper
Abstract:
The integration of medical devices in everyday life prompts the idea that these devices will increasingly have evidential value in civil and criminal proceedings. However, the investigation of these devices presents new challenges for the digital forensics community. Previous research has shown that mobile devices provide investigators with a wealth of information. Hence, mobile devices that are u…
▽ More
The integration of medical devices in everyday life prompts the idea that these devices will increasingly have evidential value in civil and criminal proceedings. However, the investigation of these devices presents new challenges for the digital forensics community. Previous research has shown that mobile devices provide investigators with a wealth of information. Hence, mobile devices that are used within medical environments potentially provide an avenue for investigating and analyzing digital evidence from such devices. The research contribution of this paper is twofold. First, it provides an empirical analysis of the viability of using information from smartphone applications developed to complement a medical device, as digital evidence. Second, it includes documentation on the artifacts that are potentially useful in a digital forensics investigation of smartphone applications that interact with medical devices.
△ Less
Submitted 11 January, 2019;
originally announced January 2019.
-
How Good is Your Data? Investigating the Quality of Data Generated During Security Incident Response Investigations
Authors:
George Grispos,
William Bradley Glisson,
Tim Storer
Abstract:
An increasing number of cybersecurity incidents prompts organizations to explore alternative security solutions, such as threat intelligence programs. For such programs to succeed, data needs to be collected, validated, and recorded in relevant datastores. One potential source supplying these datastores is an organization's security incident response team. However, researchers have argued that the…
▽ More
An increasing number of cybersecurity incidents prompts organizations to explore alternative security solutions, such as threat intelligence programs. For such programs to succeed, data needs to be collected, validated, and recorded in relevant datastores. One potential source supplying these datastores is an organization's security incident response team. However, researchers have argued that these teams focus more on eradication and recovery and less on providing feedback to enhance organizational security. This prompts the idea that data collected during security incident investigations may be of insufficient quality for threat intelligence analysis. While previous discussions focus on data quality issues from threat intelligence sharing perspectives, minimal research examines the data generated during incident response investigations. This paper presents the results of a case study identifying data quality challenges in a Fortune 500 organization's incident response team. Furthermore, the paper provides the foundation for future research regarding data quality concerns in security incident response.
△ Less
Submitted 11 January, 2019;
originally announced January 2019.
-
Digital Blues: An Investigation into the Use of Bluetooth Protocols
Authors:
William Ledbetter,
William Bradley Glisson,
Todd McDonald,
Todd Andel,
George Grispos,
Kim-Kwang Raymond Choo
Abstract:
The proliferation of Bluetooth mobile device communications into all aspects of modern society raises security questions by both academicians and practitioners. This environment prompted an investigation into the real-world use of Bluetooth protocols along with an analysis of documented security attacks. The experiment discussed in this paper collected data for one week in a local coffee shop. The…
▽ More
The proliferation of Bluetooth mobile device communications into all aspects of modern society raises security questions by both academicians and practitioners. This environment prompted an investigation into the real-world use of Bluetooth protocols along with an analysis of documented security attacks. The experiment discussed in this paper collected data for one week in a local coffee shop. The data collection took about an hour each day and identified 478 distinct devices. The contribution of this research is two-fold. First, it provides insight into real-world Bluetooth protocols that are being utilized by the general public. Second, it provides foundational research that is necessary for future Bluetooth penetration testing research.
△ Less
Submitted 6 August, 2018;
originally announced August 2018.
-
Attack-Graph Threat Modeling Assessment of Ambulatory Medical Devices
Authors:
Patrick Luckett,
J Todd McDonald,
William Bradley Glisson
Abstract:
The continued integration of technology into all aspects of society stresses the need to identify and understand the risk associated with assimilating new technologies. This necessity is heightened when technology is used for medical purposes like ambulatory devices that monitor a patient's vital signs. This integration creates environments that are conducive to malicious activities. The potential…
▽ More
The continued integration of technology into all aspects of society stresses the need to identify and understand the risk associated with assimilating new technologies. This necessity is heightened when technology is used for medical purposes like ambulatory devices that monitor a patient's vital signs. This integration creates environments that are conducive to malicious activities. The potential impact presents new challenges for the medical community.
Hence, this research presents attack graph modeling as a viable solution to identifying vulnerabilities, assessing risk, and forming mitigation strategies to defend ambulatory medical devices from attackers. Common and frequent vulnerabilities and attack strategies related to the various aspects of ambulatory devices, including Bluetooth enabled sensors and Android applications are identified in the literature. Based on this analysis, this research presents an attack graph modeling example on a theoretical device that highlights vulnerabilities and mitigation strategies to consider when designing ambulatory devices with similar components.
△ Less
Submitted 14 September, 2017;
originally announced September 2017.
-
Medical Cyber-Physical Systems Development: A Forensics-Driven Approach
Authors:
George Grispos,
William Bradley Glisson,
Kim-Kwang Raymond Choo
Abstract:
The synthesis of technology and the medical industry has partly contributed to the increasing interest in Medical Cyber-Physical Systems (MCPS). While these systems provide benefits to patients and professionals, they also introduce new attack vectors for malicious actors (e.g. financially-and/or criminally-motivated actors). A successful breach involving a MCPS can impact patient data and system…
▽ More
The synthesis of technology and the medical industry has partly contributed to the increasing interest in Medical Cyber-Physical Systems (MCPS). While these systems provide benefits to patients and professionals, they also introduce new attack vectors for malicious actors (e.g. financially-and/or criminally-motivated actors). A successful breach involving a MCPS can impact patient data and system availability. The complexity and operating requirements of a MCPS complicates digital investigations. Coupling this information with the potentially vast amounts of information that a MCPS produces and/or has access to is generating discussions on, not only, how to compromise these systems but, more importantly, how to investigate these systems. The paper proposes the integration of forensics principles and concepts into the design and development of a MCPS to strengthen an organization's investigative posture. The framework sets the foundation for future research in the refinement of specific solutions for MCPS investigations.
△ Less
Submitted 17 August, 2017;
originally announced August 2017.
-
Security Incident Recognition and Reporting (SIRR): An Industrial Perspective
Authors:
George Grispos,
William Bradley Glisson,
David Bourrie,
Tim Storer,
Stacy Miller
Abstract:
Reports and press releases highlight that security incidents continue to plague organizations. While researchers and practitioners' alike endeavor to identify and implement realistic security solutions to prevent incidents from occurring, the ability to initially identify a security incident is paramount when researching a security incident lifecycle. Hence, this research investigates the ability…
▽ More
Reports and press releases highlight that security incidents continue to plague organizations. While researchers and practitioners' alike endeavor to identify and implement realistic security solutions to prevent incidents from occurring, the ability to initially identify a security incident is paramount when researching a security incident lifecycle. Hence, this research investigates the ability of employees in a Global Fortune 500 financial organization, through internal electronic surveys, to recognize and report security incidents to pursue a more holistic security posture. The research contribution is an initial insight into security incident perceptions by employees in the financial sector as well as serving as an initial guide for future security incident recognition and reporting initiatives.
△ Less
Submitted 21 June, 2017;
originally announced June 2017.
-
In The Wild Residual Data Research and Privacy
Authors:
William Bradley Glisson,
Tim Storer,
Andrew Blyth,
George Grispos,
Matt Campbell
Abstract:
As the world becomes increasingly dependent on technology, researchers in both industry and academia endeavor to understand how technology is used, the impact it has on everyday life, the artifact life-cycle and overall integrations of digital information. In doing so, researchers are increasingly gathering 'real-world' or 'in-the-wild' residual data, obtained from a variety of sources, without th…
▽ More
As the world becomes increasingly dependent on technology, researchers in both industry and academia endeavor to understand how technology is used, the impact it has on everyday life, the artifact life-cycle and overall integrations of digital information. In doing so, researchers are increasingly gathering 'real-world' or 'in-the-wild' residual data, obtained from a variety of sources, without the explicit consent of the original owners. This data gathering raises significant concerns regarding privacy, ethics and legislation, as well as practical considerations concerning investigator training, data storage, overall security and data disposal. This research surveys recent studies of residual data gathered in-the-wild and analyzes the challenges that were confronted. Amalgamating these insights, the research presents a compendium of practices for addressing the issues that can arise in-the-wild when conducting residual data research. The practices identified in this research can be used to critique current projects and assess the feasibility of proposed future research.
△ Less
Submitted 11 October, 2016;
originally announced October 2016.
-
Towards Security of Additive Layer Manufacturing
Authors:
Mark Yampolskiy,
Todd R. Andel,
J. Todd McDonald,
William B. Glisson,
Alec Yasinsac
Abstract:
Additive Layer Manufacturing (ALM), also broadly known as 3D printing, is a new technology to produce 3D objects. As an opposite approach to the conventional subtractive manufacturing process, 3D objects are created by adding thin material layers over layers. Until recently, they have been used, mainly, for plastic models. However, the technology has evolved making it possible to use high-quality…
▽ More
Additive Layer Manufacturing (ALM), also broadly known as 3D printing, is a new technology to produce 3D objects. As an opposite approach to the conventional subtractive manufacturing process, 3D objects are created by adding thin material layers over layers. Until recently, they have been used, mainly, for plastic models. However, the technology has evolved making it possible to use high-quality printing with metal alloys. Agencies and companies like NASA, ESA, Boeing, Airbus, etc. are investigating various ALM technology application areas. Recently, SpaceX used additive manufacturing to produce engine chambers for the newest Dragon spacecraft. BAE System plans to print on-demand a complete Unmanned Aerial Vehicle (UAV), depending on the operational requirements. Companies expect the implementation of ALM technology will bring a broad variety of technological and economic benefits. This includes, but not limited to, the reduction of the time needed to produce complex parts, reduction of wasted material and thus control of production costs along with minimization of part storage space as companies implement just-in-time and on-demand production solutions. The broad variety of application areas and a high grade of computerization of the manufacturing process will inevitably make ALM an attractive target for various attacks.
△ Less
Submitted 13 January, 2015;
originally announced February 2016.
-
Compromising a Medical Mannequin
Authors:
William Bradley Glisson,
Todd Andel,
Todd McDonald,
Mike Jacobs,
Matt Campbell,
Johnny Mayr
Abstract:
Medical training devices are becoming increasingly dependent on technology, creating opportunities that are inherently conducive to security breaches. Previous medical device research has focused on individual device security breaches and the technical aspects involved with these breaches. This research examines the viability of breaching a production-deployed medical training mannequin. The resul…
▽ More
Medical training devices are becoming increasingly dependent on technology, creating opportunities that are inherently conducive to security breaches. Previous medical device research has focused on individual device security breaches and the technical aspects involved with these breaches. This research examines the viability of breaching a production-deployed medical training mannequin. The results of the proof of concept research indicate that it is possible to breach a medical training mannequin in a live environment. The research contribution is an initial empirical analysis of the viability of compromising a medical training mannequin along with providing the foundation for future research.
△ Less
Submitted 31 August, 2015;
originally announced September 2015.
-
Security Incident Response Criteria: A Practitioner's Perspective
Authors:
George Grispos,
William Bradley Glisson,
Tim Storer
Abstract:
Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC) which can be applied to a variety of security incident response approaches. The…
▽ More
Industrial reports indicate that security incidents continue to inflict large financial losses on organizations. Researchers and industrial analysts contend that there are fundamental problems with existing security incident response process solutions. This paper presents the Security Incident Response Criteria (SIRC) which can be applied to a variety of security incident response approaches. The criteria are derived from empirical data based on in-depth interviews conducted within a Global Fortune 500 organization and supporting literature. The research contribution of this paper is twofold. First, the criteria presented in this paper can be used to evaluate existing security incident response solutions and second, as a guide, to support future security incident response improvement initiatives.
△ Less
Submitted 11 August, 2015;
originally announced August 2015.
-
Recovering Residual Forensic Data from Smartphone Interactions with Cloud Storage Providers
Authors:
George Grispos,
William Bradley Glisson,
Tim Storer
Abstract:
There is a growing demand for cloud storage services such as Dropbox, Box, Syncplicity and SugarSync. These public cloud storage services can store gigabytes of corporate and personal data in remote data centres around the world, which can then be synchronized to multiple devices. This creates an environment which is potentially conducive to security incidents, data breaches and other malicious ac…
▽ More
There is a growing demand for cloud storage services such as Dropbox, Box, Syncplicity and SugarSync. These public cloud storage services can store gigabytes of corporate and personal data in remote data centres around the world, which can then be synchronized to multiple devices. This creates an environment which is potentially conducive to security incidents, data breaches and other malicious activities. The forensic investigation of public cloud environments presents a number of new challenges for the digital forensics community. However, it is anticipated that end-devices such as smartphones, will retain data from these cloud storage services. This research investigates how forensic tools that are currently available to practitioners can be used to provide a practical solution for the problems related to investigating cloud storage environments. The research contribution is threefold. First, the findings from this research support the idea that end-devices which have been used to access cloud storage services can be used to provide a partial view of the evidence stored in the cloud service. Second, the research provides a comparison of the number of files which can be recovered from different versions of cloud storage applications. In doing so, it also supports the idea that amalgamating the files recovered from more than one device can result in the recovery of a more complete dataset. Third, the chapter contributes to the documentation and evidentiary discussion of the artefacts created from specific cloud storage applications and different versions of these applications on iOS and Android smartphones.
△ Less
Submitted 7 June, 2015;
originally announced June 2015.
-
Investigating the Impact of Global Positioning System Evidence
Authors:
Kiyoshi J Berman,
William Bradley Glisson,
L. Milton Glisson
Abstract:
The continued amalgamation of Global Positioning Systems (GPS) into everyday activities stimulates the idea that these devices will increasingly contribute evidential importance in digital forensics cases. This study investigates the extent to which GPS devices are being used in criminal and civil court cases in the United Kingdom through the inspection of Lexis Nexis, Westlaw, and the British and…
▽ More
The continued amalgamation of Global Positioning Systems (GPS) into everyday activities stimulates the idea that these devices will increasingly contribute evidential importance in digital forensics cases. This study investigates the extent to which GPS devices are being used in criminal and civil court cases in the United Kingdom through the inspection of Lexis Nexis, Westlaw, and the British and Irish Legal Information Institute (BAILII) legal databases. The research identified 83 cases which involved GPS evidence from within the United Kingdom and Europe for the time period from 01 June 1993 to 01 June 2013. The initial empirical analysis indicates that GPS evidence in court cases is rising over time and the majority of those court cases are criminal cases.
△ Less
Submitted 1 March, 2015;
originally announced March 2015.
-
Identifying User Behavior from Residual Data in Cloud-based Synchronized Apps
Authors:
George Grispos,
William Bradley Glisson,
J. Harold Pardue,
Mike Dickson
Abstract:
As the distinction between personal and organizational device usage continues to blur, the combination of applications that interact increases the need to investigate potential security issues. Although security and forensic researchers have been able to recover a variety of artifacts, empirical research has not examined a suite of application artifacts from the perspective of high-level pattern i…
▽ More
As the distinction between personal and organizational device usage continues to blur, the combination of applications that interact increases the need to investigate potential security issues. Although security and forensic researchers have been able to recover a variety of artifacts, empirical research has not examined a suite of application artifacts from the perspective of high-level pattern identification. This research presents a preliminary investigation into the idea that residual artifacts generated by cloud-based synchronized applications can be used to identify broad user behavior patterns. To accomplish this, the researchers conducted a single-case, pretest-posttest, quasi experiment using a smartphone device and a suite of Google mobile applications. The contribution of this paper is two-fold. First, it provides a proof of concept of the extent to which residual data from cloud-based synchronized applications can be used to broadly identify user behavior patterns from device data patterns. Second, it highlights the need for security controls to prevent and manage information flow between BYOD mobile devices and cloud synchronization services.
Keywords: Residual Data, Cloud, Apps, Digital Forensics, BYOD
△ Less
Submitted 8 November, 2014;
originally announced November 2014.
-
Calm Before the Storm: The Challenges of Cloud Computing in Digital Forensics
Authors:
George Grispos,
Tim Storer,
William Bradley Glisson
Abstract:
Cloud computing is a rapidly evolving information technology (IT) phenomenon. Rather than procure, deploy and manage a physical IT infrastructure to host their software applications, organizations are increasingly deploying their infrastructure into remote, virtualized environments, often hosted and managed by third parties. This development has significant implications for digital forensic invest…
▽ More
Cloud computing is a rapidly evolving information technology (IT) phenomenon. Rather than procure, deploy and manage a physical IT infrastructure to host their software applications, organizations are increasingly deploying their infrastructure into remote, virtualized environments, often hosted and managed by third parties. This development has significant implications for digital forensic investigators, equipment vendors, law enforcement, as well as corporate compliance and audit departments (among others). Much of digital forensic practice assumes careful control and management of IT assets (particularly data storage) during the conduct of an investigation. This paper summarises the key aspects of cloud computing and analyses how established digital forensic procedures will be invalidated in this new environment. Several new research challenges addressing this changing context are also identified and discussed.
△ Less
Submitted 8 October, 2014;
originally announced October 2014.
-
Rethinking Security Incident Response: The Integration of Agile Principles
Authors:
George Grispos,
William Bradley Glisson,
Tim Storer
Abstract:
In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over…
▽ More
In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research focused on best practice development, linear plan-driven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization's security incident response posture.
△ Less
Submitted 11 August, 2014;
originally announced August 2014.
-
Android Anti-forensics: Modifying CyanogenMod
Authors:
Karl-Johan Karlsson,
William Bradley Glisson
Abstract:
Mobile devices implementing Android operating systems inherently create opportunities to present environments that are conducive to anti-forensic activities. Previous mobile forensics research focused on applications and data hiding anti-forensics solutions. In this work, a set of modifications were developed and implemented on a CyanogenMod community distribution of the Android operating system.…
▽ More
Mobile devices implementing Android operating systems inherently create opportunities to present environments that are conducive to anti-forensic activities. Previous mobile forensics research focused on applications and data hiding anti-forensics solutions. In this work, a set of modifications were developed and implemented on a CyanogenMod community distribution of the Android operating system. The execution of these solutions successfully prevented data extractions, blocked the installation of forensic tools, created extraction delays and presented false data to industry accepted forensic analysis tools without impacting normal use of the device. The research contribution is an initial empirical analysis of the viability of operating system modifications in an anti-forensics context along with providing the foundation for future research.
△ Less
Submitted 24 January, 2014;
originally announced January 2014.
-
Investigating Information Security Risks of Mobile Device Use within Organizations
Authors:
William Bradley Glisson,
Tim Storer
Abstract:
Mobile devices, such as phones, tablets and laptops, expose businesses and governments to a multitude of information security risks. While Information Systems research has focused on the security and privacy aspects from the end-user perspective regarding mobile devices, very little research has been conducted within corporate environments. In this work, thirty-two mobile devices were returned by…
▽ More
Mobile devices, such as phones, tablets and laptops, expose businesses and governments to a multitude of information security risks. While Information Systems research has focused on the security and privacy aspects from the end-user perspective regarding mobile devices, very little research has been conducted within corporate environments. In this work, thirty-two mobile devices were returned by employees in a global Fortune 500 company. In the empirical analysis, a number of significant security risks were uncovered which may have led to leakage of valuable intellectual property or exposed the organization to future legal conflicts. The research contribution is an initial empirical report highlighting examples of corporate policy breaches by users along with providing a foundation for future research on the security risks of the pervasive presence of mobile devices in corporate environments.
△ Less
Submitted 21 August, 2013;
originally announced September 2013.
-
Cloud Security Challenges: Investigating Policies, Standards, and Guidelines in a Fortune 500 Organization
Authors:
George Grispos,
William Bradley Glisson,
Tim Storer
Abstract:
Cloud computing is quickly becoming pervasive in today's globally integrated networks. The cloud offers organizations opportunities to potentially deploy software and data solutions that are accessible through numerous mechanisms, in a multitude of settings, at a reduced cost with increased reliability and scalability. The increasingly pervasive and ubiquitous nature of the cloud creates an enviro…
▽ More
Cloud computing is quickly becoming pervasive in today's globally integrated networks. The cloud offers organizations opportunities to potentially deploy software and data solutions that are accessible through numerous mechanisms, in a multitude of settings, at a reduced cost with increased reliability and scalability. The increasingly pervasive and ubiquitous nature of the cloud creates an environment that is potentially conducive to security risks. While previous discussions have focused on security and privacy issues in the cloud from the end-users perspective, minimal empirical research has been conducted from the perspective of a corporate environment case study. This paper presents the results of an initial case study identifying real-world information security documentation issues for a Global Fortune 500 organization, should the organization decide to implement cloud computing services in the future. The paper demonstrates the importance of auditing policies, standards and guidelines applicable to cloud computing environments along with highlighting potential corporate concerns. The results from this case study has revealed that from the 1123 'relevant' statements found in the organization's security documentation, 175 statements were considered to be 'inadequate' for cloud computing. Furthermore, the paper provides a foundation for future analysis and research regarding implementation concerns for corporate cloud computing applications and services
△ Less
Submitted 11 June, 2013;
originally announced June 2013.
-
Using Smartphones as a Proxy for Forensic Evidence contained in Cloud Storage Services
Authors:
George Grispos,
William Bradley Glisson,
Tim Storer
Abstract:
Cloud storage services such as Dropbox, Box and SugarSync have been embraced by both individuals and organizations. This creates an environment that is potentially conducive to security breaches and malicious activities. The investigation of these cloud environments presents new challenges for the digital forensics community. It is anticipated that smartphone devices will retain data from these st…
▽ More
Cloud storage services such as Dropbox, Box and SugarSync have been embraced by both individuals and organizations. This creates an environment that is potentially conducive to security breaches and malicious activities. The investigation of these cloud environments presents new challenges for the digital forensics community. It is anticipated that smartphone devices will retain data from these storage services. Hence, this research presents a preliminary investigation into the residual artifacts created on an iOS and Android device that has accessed a cloud storage service. The contribution of this paper is twofold. First, it provides an initial assessment on the extent to which cloud storage data is stored on these client-side devices. This view acts as a proxy for data stored in the cloud. Secondly, it provides documentation on the artifacts that could be useful in a digital forensics investigation of cloud services.
△ Less
Submitted 17 March, 2013;
originally announced March 2013.