應用程式雲客戶端資料之鑑識

A Forensic Analysis of Application Cloud Service in Client Data

鄧思源(Teng,Szu-Yaun)；陳受湛(Chen,Sou-Chan)；劉秉昕(Liu,Ping-Hsin)

數位證據 ； SaaS ； AaaS ； 應用程式雲 ； 應用程式虛擬化 ； 數位鑑識 ； 反鑑識 ； Digital Evidence ； SaaS ； AaaS ； Application Cloud Service ； Application Virtualization ； Digital Forensics ； Anti-forensics

資訊安全通訊

23卷3期（2017 / 07 / 01）

19 - 36

繁體中文

目前雲端運算技術發展日益成熟，相關服務更是不斷推陳出新，由軟體即服務(SaaS)雲端服務架構下又衍生出如AaaS(Apps as a Service)、PaaS(Application Platform as aService)或MAaaS(Mobile Applications as a Service) 等不同之雲端服務架構，讓使用者隨時隨地可以使用任何數位裝置上的瀏覽器透過網際網路連接即可使用這些雲端服務上的應用程式，目前較知名SaaS 供應商所提供的應用程式雲服務如GoogleApps、AppleiCloud、MicroSoft Office 365 及Salesforce App Cloud 等，但可使用之應用程式的種類大部分都限縮在辦公室應用程式或雲端儲存服務，軟體數量亦有所不足，因此目前有部分雲端服務業者推出類似Google Docs 及微軟Office 365 等雲端應用程式概念的應用程式雲，強調在任何地方不論使用任何平台都可透過網際網路執行任何桌面程式(run application anywhere or online)，讓使用者可從雲端服務提供者以隨用隨付制為基礎免費或付費購買、租用應用程式服務。所有的硬體基礎結構、中介軟體、應用程式軟體以及應用程式資料皆位於雲端服務提供者的資料中心。由於應用程式雲具有使用便利、機動性高、隱匿及不易確認等特性，因此在可見的未來，應用程式雲很有可能成為不法犯罪份子用於規避犯罪調查的選項之一，因此對於應用程式雲架構與相關服務之數位調查及如何蒐集與鑑識使用此類雲端服務客戶端數位證據，實有必要加以研究，本篇論文將針對市面上較具代表性的Cameyo、rollapp 及Turbo 等3 種應用程式雲進行實驗與分析，期提供可參考利用的應用程式雲客戶端之數位證據保全、蒐集與鑑識的步驟與程序，以協助數位鑑識實務操作人員在處理與應用程式雲有關之鑑定案件時，有一可供參考之鑑識方法。

At present, the development of cloud computing technology is becoming mature, and the related services are innovating. A similar cloud services architecture such as AaaS (Apps as a Service), aPaaS (Application Platform as a Service), or MAaaS (Mobile Applications as a Service) is derived from the Software Services (SaaS) cloud service architecture, so that users can use any browser on any digital device to connect to these applications by the Internet, which is now available from more well-known SaaS vendors of the application cloud services such as GoogleApps, Apple iCloud, MicroSoft Office 365 and Salesforce App Cloud. Most of the types of apps that can be used are limited to office applications or cloud storage services, and the number of software is inadequate. Some cloud service providers launched applications such as Google Docs and Microsoft Office 365 and other type of application cloud, emphasizing to use any platform to run any application anywhere, so that the user can purchase or rent the application from the cloud service provider on a per-use basis. All hardware infrastructures, mediation software, app software, and application data are located in the cloud service provider's data center. Because the application cloud service has the advantages of ease of use, high mobility, hidden and difficult to confirm, the application cloud service is likely to be one of the options for criminals to avoid crime investigations in the foreseeable future, Therefore, it is necessary to study the digital data of the cloud service client and how to collect and authenticate the application of cloud architecture and related services. This paper will experiment and analyze three application clouds service, such as Cameyo, rollapp and Turbo, and provide the steps and procedures for the preservation, collection and identification of digital evidence that can be used by the application cloud service client data to assist in the implementation of digital forensic practitioners have a reference method when encountered the application cloud service case.

1. Turbo Containers, “Run Applications Anywhere,” https://turbo.net/docs, 2017.
2. rollApp, “Run Desktop Applications Online,” https://www.rollapp.com/home,2017.
3. Wikipedia, “Cameyo wiki:history and operations,” https://en.wikipedia.org/wiki/Cameyo, 2017.
4. Amirullah, A.,Riadi, I.,Luthfi, A.(2016).Forensics Analysis from Cloud Storage Client Application on Proprietary Operating System.International Journal of Computer Applications,143(1)
5. Birk. D.,Wegener, C.(2011).Technical Issues of Forensic Investigations in Cloud Computing Environments.2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering,Okland, CA:
6. Cloud Security Alliance,Incident Management and Forensics Working Group(2013).Mapping ISO27037 to Cloud Computing Environments.
7. Damshenas, M.,Dehghantanha, A.,Mahmoud, R.,Shamsuddin, S.(2012).Forensics Investigation Challenges in Cloud Computing Environments.Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference on IEEE,Kuala Lumpur:
8. International Standard(2012).ISO/IEC 27037 Information technology-Security techniques, Guidelines for identification, collection, acquisition and preservation of digital evidence.
9. Mell, P.,Grance, T.(2011).The NIST definition of cloud computing.
10. Milagre, J.,Caiado, M.(2013).Cloud Computing Forensics. Best Practice and Challenges for Process Efficiency of Investigations and Digital Forensics.The Eighth International Conference on Forensic Computer Science - ICoFCS
11. National Institute of Standards and Technology(2014).NIST Cloud Computing Forensic Science Challenges.
12. Quick, D.,Choo, K. K. R.(2014).Google Drive: Forensic analysis of data remnants.Journal of Network and Computer Applications,40,179-193.

1. 温阡惠,羅雍筌,鄭莞玲,樊祖燁,劉芯妤,彭建文,陳思玫,張嘉欣(2021)。運用影像處理技術促進台灣自由行發展之研究。島嶼觀光研究，13(4)，47-86。