Digital Forensics Study of a Cloud Storage Client: A Dropbox Artifact Analysis

Authors

DOI:

https://doi.org/10.21512/commit.v13i2.5781

Keywords:

Cloud Storage, Digital Forensics, Mobile Forensics, Dropbox Analysis, Artifacts, Android-Based

Abstract

The rapid development of cloud storage technology paired with the prevalence of smartphone usage presents wide-ranging challenges for digital forensics practitioners. Data are more easily uploaded and shared between multiple devices and across multiple platforms. So, the process has increased the opportunities for criminality. Criminality undertaken in cloud computing can be directly seen on logs stored on the cloud storage server, which records user activity. However, because of user privacy protection, these logs cannot be easily used as evidence in court. This issue emphasizes the need for a reliable means of identifying, acquiring, and preserving evidential data from the client-side. This study identifies the data artifacts of a user accessing Dropbox via smartphone (Android Lollipop and Android Nougat). The data are from performing several common activities such as installing, signing up, uploading, downloading, sharing, and others. About 14 artifacts are identified by documenting the Dropbox client database changing contents as these activities are carried out. This study increases knowledge of the artifacts that are leftover by Dropbox client on Android smartphones. The results propose this comparing and analyzing method can be used by digital forensics investigators in carrying out investigations and cyberlaw practitioners as guidance in criminal cases.

Dimensions

Plum Analytics

Author Biography

Gandeva Bayu Satrya, Telkom University

Gandeva Bayu Satrya is a Ph.D in security communication for next generation networks, graduated from IT Convergence Engineering, School of Electronic Engineering, Kumoh National Institute of Technology, South Korea in December 2018. He has been a lecturer and researcher at School of Applied Science in Telkom University, Bandung, Indonesia since February 2011 until now. From June 2008 to December 2010, he was a BSS Engineer at PT. ZTE Indonesia, Jakarta, Indonesia. His areas of expertise are Android forensics, routing protocol, packet scheduling, and security communication in next generation network.

References

W. F. Hsien, C. C. Yang, and M. S. Hwang, “A survey of public auditing for secure data storage in cloud computing,” IJ Network Security, vol. 18, no. 1, pp. 133–142, 2016.

M. A. Khan, “A survey of security issues for cloud computing,” Journal of Network and Computer Applications, vol. 71, pp. 11–29, 2016.

H. Chung, J. Park, S. Lee, and C. Kang, “Digital forensic investigation of cloud storage services,” Digital Investigation, vol. 9, no. 2, pp. 81–95, 2012.

D. C. Chou, “Cloud computing risk and audit issues,” Computer Standards & Interfaces, vol. 42, pp. 137–142, 2015.

M. Muchmore. The best cloud storage and filesharing services for 2019. Accessed: 2019-07-07. [Online]. Available: https://bit.ly/2XUlAfq

S. Mitroff. OneDrive, Dropbox, Google Drive and Box: Which cloud storage service is right for you? Accessed: 2019-07-07. [Online]. Available: https://cnet.co/2emAPbD

L. Caviglione, S. Wendzel, and W. Mazurczyk, “The future of digital forensics: Challenges and the road ahead,” IEEE Security Privacy, vol. 15, no. 6, pp. 12–17, 2017.

E. A. Vincze, “Challenges in digital forensics,” Police Practice and Research, vol. 17, no. 2, pp. 183–194, 2016.

G. B. Satrya, A. A. Nasrullah, and S. Y. Shin, “Identifying artefact on Microsoft OneDrive client to support Android forensics,” International Journal of Electronic Security and Digital Forensics, vol. 9, no. 3, pp. 269–291, 2017.

R. McKemmish, “When is digital evidence forensically sound?” in IFIP International Conference on Digital Forensics, Kyoto, Japan, Jan. 28–30, 2008, pp. 3–15.

Dropbox. Company info. Accessed: 2019-07-07. [Online]. Available: www.dropbox.com

A. Pichan, M. Lazarescu, and S. T. Soh, “Cloud forensics: Technical challenges, solutions and comparative analysis,” Digital Investigation, vol. 13, pp. 38–57, 2015.

F. Daryabar, A. Dehghantanha, and K.-K. R. Choo, “Cloud storage forensics: MEGA as a case study,” Australian Journal of Forensic Sciences, vol. 49, no. 3, pp. 344–357, 2017.

Y. Y. Teing, A. Dehghantanha, K.-K. R. Choo, T. Dargahi, and M. Conti, “Forensic investigation of cooperative storage cloud service: Symform as a case study,” Journal of Forensic Sciences, vol. 62, no. 3, pp. 641–654, 2017.

V. Roussev and S. McCulley, “Forensic analysis of cloud-native artifacts,” Digital Investigation, vol. 16, pp. S104–S113, 2016.

C. Stelly and V. Roussev, “SCARF: A containerbased approach to cloud-scale digital forensic processing,” Digital Investigation, vol. 22, pp. S39–S47, 2017.

D. Quick and K. K. R. Choo, “Dropbox analysis: Data remnants on user machines,” Digital Investigation, vol. 10, no. 1, pp. 3–18, 2013.

D. Quick and M. Alzaabi, “Forensic analysis of the Android file system YAFFS2,” in 9th Australian Digital Forensics Conference, Perth Western Australia, Dec. 5–7, 2011, pp. 100–109.

P. Albano, A. Castiglione, G. Cattaneo, and A. De Santis, “A novel anti-forensics technique for the Android OS,” in 2011 International Conference on Broadband and Wireless Computing, Communication and Applications, Barcelona, Spain, Oct. 26–28, 2011, pp. 380–385.

G. B. Satrya and S. Y. Shin, “Proposed method for mobile forensics investigation analysis of remnant data on Google Drive client,” Journal of Internet Technology, vol. 19, no. 6, pp. 1741–1751, 2018.

F. M. Granja and G. D. R. Rafael, “The preservation of digital evidence and its admissibility in the court,” International Journal of Electronic Security and Digital Forensics, vol. 9, no. 1, pp. 1–18, 2017.

R. Montasari, “Review and assessment of the existing digital forensic investigation process models,” International Journal of Computer Applications, vol. 147, no. 7, pp. 41–49, 2016.

Kominfo. (2008) Undang-Undang Republik Indonesia Nomor 11 Tahun 2008 Tentang Informasi dan Transaksi Elektronik. Accessed: 2019-07-07. [Online]. Available: https://bit.ly/2T2Dvho

KEMENKUMHAM. (1981) Undang Undang No. 8 Tahun 1981 Tentang Kitab Undang Undang Hukum Acara Pidana. Accessed: 2019-07-07. [Online]. Available: https://bit.ly/30tCM91

Downloads

Published

2019-10-30

Issue

Vol. 13 No. 2 (2019): CommIT Journal

Section

Articles

License

Authors who publish with this journal agree to the following terms:
a. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License - Share Alike that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.

b. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.

c. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.

 

USER RIGHTS

All articles published Open Access will be immediately and permanently free for everyone to read and download.  We are continuously working with our author communities to select the best choice of license options, currently being defined for this journal as follows: Creative Commons Attribution-Share Alike (CC BY-SA)

Abstract 1908  .
PDF downloaded 1093  .