Method to identify and store cloud-based forensic evidence patented by CIT team

Marcus Rogers, Umit Karabiyik and Fahad Salamh

Prior to cloud computing, businesses needed their own computer servers along with the real estate to house them. Ideas, projects and work-related information were identifiable and limited in size.

With advances in technology and the availability of cloud computing, today’s organizations and businesses can take advantage of computing and other Software as a Service (SaaS) applications over the Internet. Having the ability to store data in the cloud means ideas and projects, whether from the largest corporations or even single individuals, are no longer limited by the size of a server.

Unfortunately, criminals also embrace advances in technology.

“Cyber criminals, in particular, understand the complexity of the cloud and the difficulty in collecting evidence to trace the location of suspicious activities,” said Marcus Rogers, professor of computer and information technology (CIT). “This is a challenge to digital forensic investigations, particularly when related to crimes such as child exploitation, drugs and firearms trading.”

Because time is often critical when acquiring evidence, Rogers, Umit Karabiyik, assistant professor of cybersecurity, and Ph.D. candidate Fahad Salamh determined the need for a method to automate the collection of digital forensic evidence using cloud services.

“Although the admissibility of digital evidence is crucial, the advancement of technology and complexity of data structure encourages researchers and practitioners to automate some investigation processes, such as identification and reporting phases,” Salamh said.

“Classification of real-time illegal cloud activities is essential to reduce the amount of forensic evidence storage,” said Karabiyik. “Therefore, we developed a cloud forensic model to collect digital evidence related to such activities on cloud storage applications by utilizing machine learning technology.”

“If an image or video file uploaded to the cloud service provider is determined to relate to illicit, illegal or malicious activity, relevant digital forensic evidence is extracted and stored for later provision to law enforcement,” Marcus said. “The digital forensic evidence that is collected can be used to assist law enforcement in their investigations of criminal activity, as well as aid in the successful prosecution of criminals in court proceedings.”

The team earned a patent for their method of automating digital forensic evidence collection.

“Our patent focuses on the automation of identification and reporting processes to ease the investigation process and reduce issues related to heterogeneous virtualized data, which is a large volume of virtual data flow that’s difficult to trace,” said Salamh. “The cyber forensics field is rapidly impacted by the advancement of technology.”
