COMING SOON! PQDT Open is getting a new home!

ProQuest Open Access Dissertations & Theses will remain freely available as part of a new and enhanced search experience at

Questions? Please refer to this FAQ.

Dissertation/Thesis Abstract

Microsoft 365 and Exchange Server Hybrid Forensics
by Carlson, Alex, M.S., Utica College, 2019, 71; 27670117
Abstract (Summary)

The expansion of cloud service offerings, particularly that of Microsoft 365, which attempts to provide an alternative to traditional on-premises physical server infrastructure, seems inevitable based on increasing adoption rates. Convenience comes at a price; however, both from subscription fees and loss of governance that physical servers previously provided. Many larger businesses still maintain on-premises servers, such as Exchange, running in hybrid configurations with Microsoft 365, allowing for greater control of mailboxes and logs maintained on those servers. This research examines the possibilities that Exchange hybrid configurations allow in terms of investigating computer security incidents using digital forensics, and is based on Exchange Server 2019 running on Windows Server 2019 in concordance with current Microsoft 365 offerings.

The research found that employing Microsoft 365 greatly reduces an investigator’s ability to collect and verify evidence beyond periods of 30–90 days, with some sources expiring as early as seven days. Research also found that Exchange hybrid configurations, such as through centralized mail flow, enhance evidence retention and collection capabilities at the cost of increased mail routing complexity. This research examined current literature concerning cybersecurity, digital forensics, Exchange Servers, Microsoft 365, and services that run in parallel or are included with subscriptions. While investigations involving Microsoft 365 or other cloud offerings may be less than ideal, the services have become ubiquitous. Until cloud technology advances, adaptation to current standards, continuous collection from cloud evidence sources, and hybrid setups are advised.

Indexing (document details)
Advisor: Wendt, Donnie
Commitee: Arnone, Adrianne, Wood, Steven
School: Utica College
Department: Cybersecurity
School Location: United States -- New York
Source: MAI 81/7(E), Masters Abstracts International
Subjects: Computer science
Keywords: Computer forensics, Cybersecurity, Digital forensics, Exchange Server 2019, Microsoft 365, Office 365
Publication Number: 27670117
ISBN: 9781392461433
Copyright © 2021 ProQuest LLC. All rights reserved. Terms and Conditions Privacy Policy Cookie Policy