Offline vs. Online Digital Forensics of Cloud-based Services


Digital forensics has become important due to the daily use of digital devices in our life, which may lead to evidence that can be useful to law enforcement in legal cases. When using cloud services, a lot of artifacts that might be useful for investigations are stored in the cloud which means that the extraction must be from cloud computers systems. So, the legacy forensics tools may not be usable or less effective due to the geographically distribution of data and legal issues among other issues. The challenges of the cloud digital forensics are discussed in this paper. Also, this paper shows the types of extracting data from cloud services that are offline and online extraction. The offline extraction is concerned with extracting data from a local device that used to access cloud services. While online data extraction is concerned with remote extraction of data from cloud services. A comparison between such two types are demonstrated from many ways according to the result of recent papers to show the situations that each type is useful in.