{"title":"Cloud Forensic Artefacts: Digital Forensics Registry Artefacts discovered from Cloud Storage Application","authors":"Shailendra Mishra, Mohammed A. Bajahzar","doi":"10.12785/ijcds/160102","DOIUrl":null,"url":null,"abstract":": Cloud storage drives have become very popular around the world these days. In the traditional approach to computer forensics, the focus is on physically accessing the disks that contain the information that could contribute to the factors. Due to the data breaches that can occur through cloud-based applications, the research proposed in this paper focuses on collecting evidence from Windows 11 operating systems to discover and collect leftover registry artefacts from one of the major cloud storage applications, OneDrive. This research study examined Windows 11 artefacts and found distinct artefacts when the OneDrive program was deleted from the virtual machine and unlinked to an account. The results and lingering artefacts assist in determining the file path for each uploaded file in OneDrive as well as the email address that was linked to it. To assist digital forensic investigators in making an expedient determination regarding the use of cloud storage applications, a bash script was developed and appended to the document. Its purpose is to assemble the identified and discovered artefacts that were obtained throughout the practical simulations. Identifying the accounts and the chronology that were using OneDrive, may also be utilized as a lead to identify the attackers.","PeriodicalId":37180,"journal":{"name":"International Journal of Computing and Digital Systems","volume":"44 34","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Computing and Digital Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.12785/ijcds/160102","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
: Cloud storage drives have become very popular around the world these days. In the traditional approach to computer forensics, the focus is on physically accessing the disks that contain the information that could contribute to the factors. Due to the data breaches that can occur through cloud-based applications, the research proposed in this paper focuses on collecting evidence from Windows 11 operating systems to discover and collect leftover registry artefacts from one of the major cloud storage applications, OneDrive. This research study examined Windows 11 artefacts and found distinct artefacts when the OneDrive program was deleted from the virtual machine and unlinked to an account. The results and lingering artefacts assist in determining the file path for each uploaded file in OneDrive as well as the email address that was linked to it. To assist digital forensic investigators in making an expedient determination regarding the use of cloud storage applications, a bash script was developed and appended to the document. Its purpose is to assemble the identified and discovered artefacts that were obtained throughout the practical simulations. Identifying the accounts and the chronology that were using OneDrive, may also be utilized as a lead to identify the attackers.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
