The expansion of cloud service offerings, particularly that of Microsoft 365, which attempts to provide an alternative to traditional on-premises physical server infrastructure, seems inevitable based on increasing adoption rates. Convenience comes at a price; however, both from subscription fees and loss of governance that physical servers previously provided. Many larger businesses still maintain on-premises servers, such as Exchange, running in hybrid configurations with Microsoft 365, allowing for greater control of mailboxes and logs maintained on those servers. This research examines the possibilities that Exchange hybrid configurations allow in terms of investigating computer security incidents using digital forensics, and is based on Exchange Server 2019 running on Windows Server 2019 in concordance with current Microsoft 365 offerings.
The research found that employing Microsoft 365 greatly reduces an investigator’s ability to collect and verify evidence beyond periods of 30–90 days, with some sources expiring as early as seven days. Research also found that Exchange hybrid configurations, such as through centralized mail flow, enhance evidence retention and collection capabilities at the cost of increased mail routing complexity. This research examined current literature concerning cybersecurity, digital forensics, Exchange Servers, Microsoft 365, and services that run in parallel or are included with subscriptions. While investigations involving Microsoft 365 or other cloud offerings may be less than ideal, the services have become ubiquitous. Until cloud technology advances, adaptation to current standards, continuous collection from cloud evidence sources, and hybrid setups are advised.
|Commitee:||Arnone, Adrianne, Wood, Steven|
|School Location:||United States -- New York|
|Source:||MAI 81/7(E), Masters Abstracts International|
|Keywords:||Computer forensics, Cybersecurity, Digital forensics, Exchange Server 2019, Microsoft 365, Office 365|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved
The supplemental file or files you are about to download were provided to ProQuest by the author as part of a
dissertation or thesis. The supplemental files are provided "AS IS" without warranty. ProQuest is not responsible for the
content, format or impact on the supplemental file(s) on our system. in some cases, the file type may be unknown or
may be a .exe file. We recommend caution as you open such files.
Copyright of the original materials contained in the supplemental file is retained by the author and your access to the
supplemental files is subject to the ProQuest Terms and Conditions of use.
Depending on the size of the file(s) you are downloading, the system may take some time to download them. Please be