| In recent years,cloud computing technology has got rapid development.Cloud computing services are increasingly applied by businesses and individuals.Cloud storage is one of the most widely used cloud computing services.However,when cloud storage service brings convenience for the users,it also led to a series of security problems at the same time.Criminals may abuse cloud storage service to commit crimes.Therefore,the research on digital forensics technology for cloud storage is of great significance.Moreover,doing digital forensic on the cloud storage client can obtain a large number of evidence information which is beneficial to the case investigation.The key technologies of digital forensics for cloud storage was researched in this thesis,using baidu netdisk which is a domestic mainstream cloud storage services as a case.The main works of this thesis are presented as follows.1.Based on the trace analysis technologies,we analyze the use traces of baidu netdisk which is a kind of cloud storage service on the Windows 7 system.The traces of the use of baidu netdisk through the browsers and the client application existed in the devices was analyzed in this thesis.This thesis describes where traces exist in the client devices and how these traces should be analyzed.The user accounts and user operation records,operation time,file name,hash value and other important information can be found through analysis of the traces.The research of the traces found that the client account information in the file was encrypted.It was needed to research the method of getting account information.2.The client application program of baidu netdisk was analyzed through the reverse analysis technology to find the mechanism of the application to decrypt the account information file stored on the local devices.Firstly,the basic method of reverse analysis was introduced,and then the mechanism of decrypting the account information file as well as generating the decryption key was analyzed in this thesis.3.The research of SQLite database data recovery is necessary in the case of a lot of SQLite database files exist in the traces.The principle and method of the SQLite database data recovery was researched in this thesis based on the research of the SQLite database file structure.A method of SQLite database data recovery based on feature matching and SVM classification which can recovery deleted data from known table in the database was proposed in this thesis.The method first retrieves the deleted data area from the freeblocks,the freelist pages and the unallocated space of all the pages according to the database file structure,and then locates the data cell from the acquired deleted area through the method of feature matching,and finally recovers data from the data cell through the method of data recovery based on SVM classification.The recovery rate and accuracy of data recovery can be improved efficiently by using the method proposed in this thesis.4.The design of a digital forensics system for cloud storage client side based on the above research is described.The method of analyzing baidu netdisk in this thesis can provide useful reference for forensic analysis of other cloud storage system. |
PDF Full Text Request