Temporal Cloud Event Reconstruction from Digital Forensics Process

Da-Yu Kao


Since the cloud storage services are increasingly used by cybercriminals, the law enforcement community has faced difficulties on how best to tackle the complex and dynamic developments on cloud services. This creates difficulties in the consistency of handling a digital crime scene. This study aims to explore the date-time stamp and timeline reconstruction of file operation in the cloud. It can be applied for incident response specialists who identify crime clues, characteristics or evidences in a data breach. The results demonstrate that the proposed findings are very effective for investigators to clear the sober and to find the fact behind digital date-time stamp.

Full Text:



Arnes, A., Digital Forensics 1st Edition, John Willey & Sons, pp. 13-48, 2018.

Bagby, J. W., “On Resolving the Cloud Forensics Conundrum,” Conference on Digital Forensics Security & Law, Richmond Virginia, 2013.

Casey, E., Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet (3rd Edition), Elsevier Academic Press, pp. 323-328, 2011.

Casey, E., Handbook of Digital Forensics and Investigation, Elsevier Academic Press, pp. 215-356, 2010.

Federici, C, “Cloud Data Imager: A Unified Answer to Remote Acquisition of Cloud Storage Areas,” Digital Investigation, Vol. 11, No. 1, pp. 30-42, 2014.

Hosseinkhani, J., Koochakzaei, M., Keikhaee, S., “Detecting Suspicion Information on the Web Using Crime Data Mining Techniques,” International Journal of Advanced Computer Science and Information Technology (IJACSIT) Vol. 3, No. 1, pp. 32-41, 2014.

Kävrestad, J., Guide to Digital Forensics: A Concise and Practical Introduction, Springer, pp. 3-58, 2017.

Microsoft Corporation, “File System Behavior in the Microsoft Windows Environment,” http://download.microsoft.com, 2014.

Pritzker, P., “NIST Cloud Computing: Forensic Science Challenges (Draft NISTIR 8006),” NIST Cloud Computing Forensic Science Working Group Information Technology Laboratory, 2014.

RajuEmail, B. and Geethakumari, G., “Timeline-Based Cloud Event Reconstruction Framework for Virtual Machine Artifacts,” Progress in Intelligent Computing Techniques: Theory, Practice, and Applications, pp 31-42, Springer, 2017.

Razek, S. A., E. F. Heba, and Mahmoud, I., "Cloud Storage Forensics: Survey," International Journal of Engineering Trends and Technology (IJETT), Vol. 52, No. 1, 2017.

Reilly, D., Wren, C., and Berry, T., “Cloud Computing-Pros and Cons for Computer Forensic Investigations,” International Journal Multimedia and Image Processing (IJMIP), Vol.1, No. 3, March 2011.

DOI: http://dx.doi.org/10.24294/jche.v1i2.536


  • There are currently no refbacks.

Creative Commons License

This site is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.