Greetings,
I have a case that involves forensic preservation of data that is alive and well on a cloud based Dropbox account. I have the user credentials and permission to gain access to the account.
I need some help and direction on how to best preserve the content that is relevant to my case.
Any and all help is greatly appreciated.
Document everything. That's your best bet. Screenshot or record what's in the cloud (include all available metadata), download the files, then hash the files to maintain their integrity for your reporting.
One possible method is to sync the files to a local folder using dropox tools and pull the data from the folder into a secured evidence file. This would be mimicing the actions as if you were the user.
there may be tools on the market that pulls data from Dropbox directly, but if you can create a process that is documented, repeatable and defensible, then you should be ok.
I know for sure Oxygen Detective has an Oxygen Cloud extraction method. I used it on a prior case as we were doing a search of a business.
Hi,
There is also Cloud Analyzer from Cellebrite that works on dropbox.
Regards
You can contact drop box to have it preserved that way too. I remember attending one of their sessions at CACC in Dallas last year. With the proper documents / authorizations, you can get quite a bit from them.
Passware Forensic will allow data acquisition from Dropbox as well.