摘要:Investigating the mobile cloud environment is a challenging task due to the characteristics of voluminous data, dispersion of data, virtualization, and diverse data. Recent research works focus on applying the latest forensic methodologies to the mobile cloud investigation. This paper proposes an enhanced forensic examination and analysis model for the mobile cloud environment that incorporates timeline analysis, hash filtering, data carving, and data transformation sub-phases to improve the performance of the cloud evidence identification and overall forensic decision-making. It analyzes the timeline of events and filters the case-specific files based on the hash values and metadata using the data mining methods. The proposed forensic model performs the in-place carving on the filtered data to guide the investigation and integrates the heterogeneous file types and distributed pieces of evidence with the assistance of the data mining. Finally, the proposed approach employs LSTM based model that significantly improves the forensic decision making.
其他摘要:Investigating the mobile cloud environment is a challenging task due to the characteristics of voluminous data, dispersion of data, virtualization, and diverse data. Recent research works focus on applying the latest forensic methodologies to the mobile cloud investigation. This paper proposes an enhanced forensic examination and analysis model for the mobile cloud environment that incorporates timeline analysis, hash filtering, data carving, and data transformation sub-phases to improve the performance of the cloud evidence identification and overall forensic decision-making. It analyzes the timeline of events and filters the case-specific files based on the hash values and metadata using the data mining methods. The proposed forensic model performs the in-place carving on the filtered data to guide the investigation and integrates the heterogeneous file types and distributed pieces of evidence with the assistance of the data mining. Finally, the proposed approach employs LSTM based model that significantly improves the forensic decision making.
