THE ROLE OF CLOUD-BASED TOOLS IN MODERN CYBERCRIME INVESTIGATIONS: INSIGHTS FROM A RANSOMWARE CASE STUDY
Keywords:
Cloud Forensics, Ransomware Investigation, Cybersecurity, Scalable Data Processing, Data Recovery
Abstract
This article examines the application of cloud-based digital forensics techniques in investigating a ransomware attack on a company's cloud storage infrastructure. Through a comprehensive case study approach, we explore how cloud computing capabilities enhance the forensic process, focusing on scalable data processing, collaborative investigation methods, and the utilization of cloud-native forensic tools. The article demonstrates that cloud-based forensics significantly improves the efficiency and effectiveness of ransomware investigations by enabling rapid analysis of massive datasets, facilitating real-time collaboration among geographically dispersed investigators, and providing robust evidence preservation mechanisms. Our findings reveal that cloud-native forensic tools, coupled with advanced network traffic analysis techniques, offer unique advantages in identifying attack vectors and preserving the integrity of digital evidence. This article contributes to the growing body of knowledge on cloud forensics and provides practical insights for cybersecurity professionals dealing with complex ransomware incidents in cloud environments. The results underscore the importance of adapting traditional forensic methodologies to leverage the full potential of cloud computing in addressing the challenges posed by sophisticated cyber threats.