Digital Forensic Evidence Collection of Cloud Storage Data for Investigation

In recent days Cloud services such as storage is more familiar to business and Individuals. This storage services are found as a problem to examiners and researchers in the field of forensics. There are many kind of storage services available in cloud and every service face a diverse issues in illegitimate action. The evidence identification, preservation, and collection are hard when dissimilar services are utilized by offenders. Lack of knowledge regarding location of evidence data can also affect investigation and it take more time to meet every cloud storage providers to decide where the evidence is saved within their infrastructure. In this study two popular public cloud service providers (Microsoft One Drive and Amazon cloud drive) are used to perform forensics evidence collection procedure through browser and service providers software on a Windows 7 computer. By identifying the evidence data on a client device, provide a clear idea about type of evidences are exist in machine for forensics practitioners. Possible evidence determined throughout this study include file timestamps, file hashes, client software log files, memory captures, link files and other evidences are also obtainable to different cloud service providers.