Jihun Son , Gyubin Kim , Hyunwoo Jung , Jewan Bang , Jungheum Park
{"title":"IF-DSS: A forensic investigation framework for decentralized storage services","authors":"Jihun Son , Gyubin Kim , Hyunwoo Jung , Jewan Bang , Jungheum Park","doi":"10.1016/j.fsidi.2023.301611","DOIUrl":null,"url":null,"abstract":"<div><p>Decentralized storage services are growing in popularity owing to their lower costs, increased resilience, and privacy compared with traditional cloud storage services. However, these characteristics also attract malicious actors, who abuse them to create phishing URLs, distribute malware, infringe on copyrights, and conduct other crime-related activities. Investigating these services is challenging because of their censorship resistance and decentralization, which renders the existing methodologies for cloud-based storage services and peer-to-peer-based file-sharing services insufficient. To address these challenges, we introduce a novel forensic investigation framework that encompasses identifying, collecting, examining, analyzing potential evidence, and preventing the further distribution of the content. The framework works on each node, peer, gateway, and Internet area of the decentralized storage services, integrating investigation steps on both remote and local sides. The usefulness and applicability of the proposed framework were demonstrated through case studies involving phishing and large-scale file sharing using <em>IPFS</em> with <em>Filecoin</em>.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":null,"pages":null},"PeriodicalIF":2.0000,"publicationDate":"2023-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Forensic Science International-Digital Investigation","FirstCategoryId":"3","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2666281723001233","RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
Decentralized storage services are growing in popularity owing to their lower costs, increased resilience, and privacy compared with traditional cloud storage services. However, these characteristics also attract malicious actors, who abuse them to create phishing URLs, distribute malware, infringe on copyrights, and conduct other crime-related activities. Investigating these services is challenging because of their censorship resistance and decentralization, which renders the existing methodologies for cloud-based storage services and peer-to-peer-based file-sharing services insufficient. To address these challenges, we introduce a novel forensic investigation framework that encompasses identifying, collecting, examining, analyzing potential evidence, and preventing the further distribution of the content. The framework works on each node, peer, gateway, and Internet area of the decentralized storage services, integrating investigation steps on both remote and local sides. The usefulness and applicability of the proposed framework were demonstrated through case studies involving phishing and large-scale file sharing using IPFS with Filecoin.