| Cloud storage is one of the most widely used cloud computing service, and brings comfort to us, but at the same time, it has also led to some security issues. For example, the trade secrets and working data of companies are both taking a risk of leaking. Another example is that, the illegal content such as reactionary information and pornography, could spread widely. The behavior of leaking and spreading illegal content will bring the threats to the management of companies and to the stability of the society. But the forensics in cloud storage will be extremely difficult because of the characteristic of co-located service of cloud storage. The criminal could login the user’s account illegally and perform malicious operations. But it would be difficult to investigate them because of the challenge brought by cloud environment. Therefore, it is necessary to propose a method for cloud storage forensics.Based on the traditional forensic framework, this article proposed a network forensic framework. Summarizing the information by analyzing the network protocol of cloud storage service, this article verifies the practicability of the network forensics, and then proposes a method to extract the behavior characteristic values, and makes it possible to identify the user’s behavior through characteristic matching. A system is designed to identify the behavior of users and extracts related information, then stores the data as evidence. The evidence could be used to provide basis for further investigation aiming at the cloud storage related crime. Moreover, in response to the possible situation that big data and high speed network bring the problems such as high packet loss rate, false positive rate and false negative rate. This article presents zero copy, TCP stream recombination based HASH, Pattern matching algorithm to ensure system’s efficient and accuracy to capture and analyze the packet in the high-speed network environment. |
PDF Full Text Request