Documentos de Académico
Documentos de Profesional
Documentos de Cultura
OUTLINE
1. 2. 3. 4. 5. 6.
Introduction Cloud storage services and digital forensics Artifacts of cloud storage services (Windows and Mac) Artifacts of cloud storage services (smartphones)
CLOUD COMPUTING:
Computing resources delivered as a
service over a network The name comes from the cloud-shaped
source: http://en.wikipedia.org/wiki/Cloud_computing
1. INTRODUCTION
Cloud computing was expanded: Development of an information technology infrastructure Availability of free software
CLOUD STORAGE
A type of IaaS, provide users with virtual space which allows
email-sending capacity.
Accessible from PC or a smartphone and this helped the
10
11
McClain, 2011
installation network activity database files log files, and uninstallation data
Dropbox can be accessed
to investigate
did not explain
via a smartphone
12
13
cloud storage services, and important factors that should be considered in a forensic investigation.
Section 3 deals with the traces that are created with a
14
15
different services
16
Type of service
Data storage Office suite + data storage Note storage + data storage
Public services
Amazon S3, Dropbox, Sugarsync, and so on Google Docs, SkyDrive Evernote, Awesome Note
17
18
Figure 1, page 3
19
Cache - images, icons, text, HTML, XML files, download URLs, download times,
visits
Cookie - hosts, paths, cookie modification & expiration times, names, and values and download - local paths of downloaded files, download URLs, file sizes,
20
21
22
23
24
25
bucket name
The third field is the time at which the user performed the action. The seventh field describes the users action. The eighth field is the name of the file on which the user acted. The last field is the HTTP user-agent value
26
27
3.2. DROPBOX
A frequently used cloud storage service. Allows sync and the user can access their storage using
28
3.2.1. WINDOWS
29
The investigator can find the suspects dropbox_path by copying config.db to that PC, and then places config.db in the same path as the suspects dropbox_path.
30
3.3. EVERNOTE
Evernote allows a user to store an idea anywhere and anytime. Evernote synchronizes notes every time they are saved. Accessible through Windows, Mac, iPhones, and Android smartphones.
31
3.3.1. WINDOWS
Title Date_cre Date_upd is_delete ated ated d Source Mobile.a ndroid Latitude Longitud e
37.32142 9 122.0157 91
32
3.2.1. WINDOWS
33
The file [userID].exb.thumbnails is a combination of PNG files that take a snapshot of the note at every synchronization.
34
AppLog_[Date].txt is created once a day when Evernote starts. Inside it is the authentication information, the account ID, and start and end time. enclipper_[Date].txt is created once a day, like AppLog_[Date].txt. It
35
3.3.2. MAC
Important four files in Appendix B are Evernote.sql, fullscreenThumbnail.png, thumbnail.png, and Evernote.log.
36
38
3.4.1. Windows
39
40
41
42
5.2. Objective
judge whether or not Mr. K had leaked a secret file by
43
5.4. RESULTS
Confidential file using Dropbox. Further examining the
prime suspects PC and smartphone together, more precise investigation was possible.
44
45
services.