Hello all,
I am currently working on a case where the focus is theft of intellectual property through the use of a Dropbox account. I have the hard drive of the subject computer and it is a Windows 7 operating system. It is my understanding that Dropbox changed the way it stored file names in its "snapshot.db" file as of Windows 7. These are now encrypted and compressed so that all files appear with a scarmbled name "cXx2hdGkXxke….etc". Any advice on how to see the names of files stored in that Dropbox folder? Is there anywhere else to look or any way to decrypt that dbx? Is there a plain text sync log somewhere that I am missing?
Thanks in advance.
I've yet to test the use of this software, but Magnet Forensics offers a free Dropbox Decryption tool. You just have to complete the form shown here
http//
Thanks cvanaernam,
I looked into this solution and believe this utility is incorporated into IEF. However, to my knowledge it does not support Dropbox on Windows 7 yet as they have yet to break the encryption.
From there website http//
"The main limitation right now is that it only currently works on files obtained from a Windows XP or Vista system due to how Dropbox does the encryption. We hope to add support for Windows 7 when this capability is put into IEF."
Ah yes sorry about that. It looks like IEF Triage can decrypt the database on a live Windows 7 system, but standard cannot off an image file.
"Please note that IEF Triage has supported decrypting and parsing the filecache.dbx file on a live system since v5.8 which was released in January of this year. No password, Protect folders, or registry information is required, and it works on Windows XP, Vista, as well as Windows 7 and Windows 8"
If there is anyway to still access the live system, this may be an option.
cvanaernam,
Great info. Thanks for your help. I actually will have access to the entire system shortly. I will give it a try. I still am curious about gaining access to this information from an image file given the ever growing use of cloud file sync softwares.