Circumventing iOS security mechanisms for APT forensic investigations: a security taxonomy for cloud apps
Date
2018
Authors
D'orazio, C.J.
Choo, K.K.R.
Editors
Advisors
Journal Title
Journal ISSN
Volume Title
Type:
Journal article
Citation
Future Generation Computer Systems, 2018; 79(1):247-261
Statement of Responsibility
Conference Name
Abstract
Mobile devices and apps such as cloud apps are a potential attack vector in an advanced persistent threat (APT) incident, due to their capability to store sensitive data (e.g. backup of private and personal data in digital repositories) and access sensitive resources (e.g. compromising the device to access an organisational network). These devices and apps are, thus, a rich source of digital evidence. It is vital to be able to identify artefacts of forensic interest transmitted to/from and stored on the devices. However, security mechanisms in mobile platforms and apps can complicate the forensic acquisition of data. In this paper, we present techniques to circumvent security mechanisms and facilitate collection of artefacts from cloud apps. We then demonstrate the utility of the circumvention techniques using 18 popular iOS cloud apps as case studies. Based on the findings, we present the first iOS cloud app security taxonomy that could be used in the investigation of an APT incident.
School/Discipline
Dissertation Note
Provenance
Description
Access Status
Rights
Copyright 2016 Elsevier BV