Authors: Jihun Son, Gyubin Kim, Hyunwoo Jung, Jewan Bang, Jungheum Park



Decentralized storage services are growing in popularity owing to their lower costs, increased resilience, and privacy compared with traditional cloud storage services. However, these characteristics also attract malicious actors, who abuse them to create phishing URLs, distribute malware, infringe on copyrights, and conduct other crime-related activities. Investigating these services is challenging because of their censorship resistance and decentralization, which renders the existing methodologies for cloud-based storage services and peer-to-peer- based file-sharing services insufficient. To address these challenges, we introduce a novel forensic investiga- tion framework that encompasses identifying, collecting, examining, analyzing potential evidence, and pre- venting the further distribution of the content. The framework works on each node, peer, gateway, and Internet area of the decentralized storage services, integrating investigation steps on both remote and local sides. The usefulness and applicability of the proposed framework were demonstrated through case studies involving phishing and large-scale file sharing using IPFS with Filecoin.