Forensic investigation of OneDrive, Box, GoogleDrive and Dropbox applications on Android and iOS devices

In today’s Internet-connected world, mobile devices are increasingly used to access cloud storage services, which allow users to access data anywhere, anytime. Mobile devices have, however, been known to be used and/or targeted by cyber criminals to conduct malicious activities, such as data exfiltration, malware, identity theft, piracy, illegal trading, sexual harassment, cyber stalking and cyber terrorism. Consequently, mobile devices are an increasingly important source of evidence in digital investigations. In this paper, we examine four popular cloud client apps, namely OneDrive, Box, GoogleDrive, and Dropbox, on both Android and iOS platforms (two of the most popular mobile operating systems). We identify artefacts of forensic interest, such as information generated during login, uploading, downloading, deletion, and the sharing of files. These findings may assist forensic examiners and practitioners in real-world examination of cloud client applications on Android and iOS platforms.
