CloudMe Forensics: A Case of Big-Data Investigation

TL;DR

This paper investigates residual artefacts from CloudMe cloud storage to improve digital forensic investigations by identifying relevant data artefacts and their locations, aiding in efficient big data analysis.

Contribution

It provides a detailed analysis of artefacts related to CloudMe activities, supporting the development of data mining methods for cloud-enabled big data forensics.

Findings

Identified artefacts from installation, login, logout, and synchronization.

Mapped artefact locations on desktop and mobile clients.

Supported future development of forensic data mining techniques.

Abstract

The issue of increasing volume, variety and velocity of has been an area of concern in cloud forensics. The high volume of data will, at some point, become computationally exhaustive to be fully extracted and analysed in a timely manner. To cut down the size of investigation, it is important for a digital forensic practitioner to possess a well-rounded knowledge about the most relevant data artefacts from the cloud product investigating. In this paper, we seek to tackle on the residual artefacts from the use of CloudMe cloud storage service. We demonstrate the types and locations of the artefacts relating to the installation, uninstallation, log-in, log-off, and file synchronisation activities from the computer desktop and mobile clients. Findings from this research will pave the way towards the development of data mining methods for cloud-enabled big data endpoint forensics investigation.