D-Cloud-Collector: Admissible Forensic Evidence from Mobile Cloud Storage

D-Cloud-Collector: Admissible Forensic Evidence from Mobile Cloud Storage

연구 분야: Analysis

학회: IFIP International Conference on ICT Systems Security and Privacy Protection

Difficulties with accessing device content or even the device itself can seriously hamper smartphone forensics. Mobile cloud storage, which extends on-device capacity, provides an avenue for a forensic collection process that does not require physical access to the device. Rather, it is possible to remotely retrieve credentials from a device of interest through undercover operations, followed by live cloud forensics. While technologically appealing, this approach raises concerns with evidence preservation, ranging from the use of malware-like operations, to linking the collected evidence with the physically absent smartphone, and possible mass surveillance accusations. In this paper, we propose a solution to ease these concerns by employing hardware security modules to provide for controlled live cloud forensics and tamper-evident access logs. A Google Drive-based proof of concept, using the SEcube hardware security module, demonstrates that D-Cloud-Collector is feasible whenever the performance penalty incurred is affordable.