Department of Computer Sciences, University of Kashmir, India.
Forensic Sci Int. 2019 Sep;302:109845. doi: 10.1016/j.forsciint.2019.06.003. Epub 2019 Jun 12.
The complex architecture and legal restrictions associated with cloud services make the acquisition of data from servers almost impossible in digital investigations involving cloud services. However, smartphones used to access these cloud services can serve as potential sources. In this paper, we investigate Sync.com and FlipDrive cloud client applications on Android platform for artefacts left behind by user activities. Our experiments demonstrate that rich information arising from user activities is left behind by these applications. This information includes installation details, login credentials, names and timestamps of files uploaded, downloaded, deleted and shared. The study also identifies mechanisms for extracting these artefacts from the devices. These findings assist forensic investigators in performing complete, credible and conclusive digital investigation by allowing them to create complete file management history of these applications. Finally, based on these findings, we make many recommendations relevant to the digital investigation involving these applications.
云服务复杂的架构和法律限制使得在涉及云服务的数字调查中几乎不可能从服务器获取数据。然而,用于访问这些云服务的智能手机可以作为潜在的来源。在本文中,我们研究了 Android 平台上的 Sync.com 和 FlipDrive 云客户端应用程序,以寻找用户活动留下的痕迹。我们的实验表明,这些应用程序会留下丰富的用户活动信息。这些信息包括安装详细信息、登录凭据、上传、下载、删除和共享文件的名称和时间戳。该研究还确定了从设备中提取这些痕迹的机制。这些发现通过允许法医调查人员创建这些应用程序的完整文件管理历史记录,帮助他们进行完整、可信和结论性的数字调查。最后,根据这些发现,我们针对涉及这些应用程序的数字调查提出了许多相关建议。
