Forensic analysis of Sync.com and FlipDrive cloud applications on Android platform.

The complex architecture and legal restrictions associated with cloud services make the acquisition of data from servers almost impossible in digital investigations involving cloud services. However, smartphones used to access these cloud services can serve as potential sources. In this paper, we investigate Sync.com and FlipDrive cloud client applications on Android platform for artefacts left behind by user activities. Our experiments demonstrate that rich information arising from user activities is left behind by these applications. This information includes installation details, login credentials, names and timestamps of files uploaded, downloaded, deleted and shared. The study also identifies mechanisms for extracting these artefacts from the devices. These findings assist forensic investigators in performing complete, credible and conclusive digital investigation by allowing them to create complete file management history of these applications. Finally, based on these findings, we make many recommendations relevant to the digital investigation involving these applications.