Digital Forensics Study of a Cloud Storage Client: A Dropbox Artifact Analysis
DOI:
https://doi.org/10.21512/commit.v13i2.5781Keywords:
Cloud Storage, Digital Forensics, Mobile Forensics, Dropbox Analysis, Artifacts, Android-BasedAbstract
The rapid development of cloud storage technology paired with the prevalence of smartphone usage presents wide-ranging challenges for digital forensics practitioners. Data are more easily uploaded and shared between multiple devices and across multiple platforms. So, the process has increased the opportunities for criminality. Criminality undertaken in cloud computing can be directly seen on logs stored on the cloud storage server, which records user activity. However, because of user privacy protection, these logs cannot be easily used as evidence in court. This issue emphasizes the need for a reliable means of identifying, acquiring, and preserving evidential data from the client-side. This study identifies the data artifacts of a user accessing Dropbox via smartphone (Android Lollipop and Android Nougat). The data are from performing several common activities such as installing, signing up, uploading, downloading, sharing, and others. About 14 artifacts are identified by documenting the Dropbox client database changing contents as these activities are carried out. This study increases knowledge of the artifacts that are leftover by Dropbox client on Android smartphones. The results propose this comparing and analyzing method can be used by digital forensics investigators in carrying out investigations and cyberlaw practitioners as guidance in criminal cases.
Plum Analytics
References
W. F. Hsien, C. C. Yang, and M. S. Hwang, “A survey of public auditing for secure data storage in cloud computing,” IJ Network Security, vol. 18, no. 1, pp. 133–142, 2016.
M. A. Khan, “A survey of security issues for cloud computing,” Journal of Network and Computer Applications, vol. 71, pp. 11–29, 2016.
H. Chung, J. Park, S. Lee, and C. Kang, “Digital forensic investigation of cloud storage services,” Digital Investigation, vol. 9, no. 2, pp. 81–95, 2012.
D. C. Chou, “Cloud computing risk and audit issues,” Computer Standards & Interfaces, vol. 42, pp. 137–142, 2015.
M. Muchmore. The best cloud storage and filesharing services for 2019. Accessed: 2019-07-07. [Online]. Available: https://bit.ly/2XUlAfq
S. Mitroff. OneDrive, Dropbox, Google Drive and Box: Which cloud storage service is right for you? Accessed: 2019-07-07. [Online]. Available: https://cnet.co/2emAPbD
L. Caviglione, S. Wendzel, and W. Mazurczyk, “The future of digital forensics: Challenges and the road ahead,” IEEE Security Privacy, vol. 15, no. 6, pp. 12–17, 2017.
E. A. Vincze, “Challenges in digital forensics,” Police Practice and Research, vol. 17, no. 2, pp. 183–194, 2016.
G. B. Satrya, A. A. Nasrullah, and S. Y. Shin, “Identifying artefact on Microsoft OneDrive client to support Android forensics,” International Journal of Electronic Security and Digital Forensics, vol. 9, no. 3, pp. 269–291, 2017.
R. McKemmish, “When is digital evidence forensically sound?” in IFIP International Conference on Digital Forensics, Kyoto, Japan, Jan. 28–30, 2008, pp. 3–15.
Dropbox. Company info. Accessed: 2019-07-07. [Online]. Available: www.dropbox.com
A. Pichan, M. Lazarescu, and S. T. Soh, “Cloud forensics: Technical challenges, solutions and comparative analysis,” Digital Investigation, vol. 13, pp. 38–57, 2015.
F. Daryabar, A. Dehghantanha, and K.-K. R. Choo, “Cloud storage forensics: MEGA as a case study,” Australian Journal of Forensic Sciences, vol. 49, no. 3, pp. 344–357, 2017.
Y. Y. Teing, A. Dehghantanha, K.-K. R. Choo, T. Dargahi, and M. Conti, “Forensic investigation of cooperative storage cloud service: Symform as a case study,” Journal of Forensic Sciences, vol. 62, no. 3, pp. 641–654, 2017.
V. Roussev and S. McCulley, “Forensic analysis of cloud-native artifacts,” Digital Investigation, vol. 16, pp. S104–S113, 2016.
C. Stelly and V. Roussev, “SCARF: A containerbased approach to cloud-scale digital forensic processing,” Digital Investigation, vol. 22, pp. S39–S47, 2017.
D. Quick and K. K. R. Choo, “Dropbox analysis: Data remnants on user machines,” Digital Investigation, vol. 10, no. 1, pp. 3–18, 2013.
D. Quick and M. Alzaabi, “Forensic analysis of the Android file system YAFFS2,” in 9th Australian Digital Forensics Conference, Perth Western Australia, Dec. 5–7, 2011, pp. 100–109.
P. Albano, A. Castiglione, G. Cattaneo, and A. De Santis, “A novel anti-forensics technique for the Android OS,” in 2011 International Conference on Broadband and Wireless Computing, Communication and Applications, Barcelona, Spain, Oct. 26–28, 2011, pp. 380–385.
G. B. Satrya and S. Y. Shin, “Proposed method for mobile forensics investigation analysis of remnant data on Google Drive client,” Journal of Internet Technology, vol. 19, no. 6, pp. 1741–1751, 2018.
F. M. Granja and G. D. R. Rafael, “The preservation of digital evidence and its admissibility in the court,” International Journal of Electronic Security and Digital Forensics, vol. 9, no. 1, pp. 1–18, 2017.
R. Montasari, “Review and assessment of the existing digital forensic investigation process models,” International Journal of Computer Applications, vol. 147, no. 7, pp. 41–49, 2016.
Kominfo. (2008) Undang-Undang Republik Indonesia Nomor 11 Tahun 2008 Tentang Informasi dan Transaksi Elektronik. Accessed: 2019-07-07. [Online]. Available: https://bit.ly/2T2Dvho
KEMENKUMHAM. (1981) Undang Undang No. 8 Tahun 1981 Tentang Kitab Undang Undang Hukum Acara Pidana. Accessed: 2019-07-07. [Online]. Available: https://bit.ly/30tCM91
Downloads
Published
Issue
Section
License
Authors who publish with this journal agree to the following terms:
a. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License - Share Alike that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
b. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
c. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
USER RIGHTS
All articles published Open Access will be immediately and permanently free for everyone to read and download. We are continuously working with our author communities to select the best choice of license options, currently being defined for this journal as follows: Creative Commons Attribution-Share Alike (CC BY-SA)