Cloud Forensics

Question 1

Cloud Service Models

Answer 1

IaaS
PaaS
SaaS

Question 2

IaaS

Answer 2

This cloud computing service enables subscribers to use fundamental IT resources such as computing power, virtualization, data storage, network, and so on, on demand. As cloud service providers are responsible for managing the underlying cloud-computing infrastructure, subscribers can avoid costs of human capital, hardware, and others (e.g., Amazon EC2, Go grid, Sungrid, Windows SkyDrive).

Question 3

PaaS

Answer 3

This service offers the platform for the development of applications and services. Subscribers need not buy and manage the software and infrastructure underneath it but have authority over deployed applications and perhaps application hosting environment configurations. Advantages of writing applications in the PaaS environment includes dynamic scalability, automated backups, and other platform services, without the need to explicitly code for i

Question 4

SaaS

Answer 4

This cloud computing service offers application software to subscribers’ on-demand, over the Internet. The provider charges for it on a pay-per-use basis, by subscription, by advertising, or by sharing among multiple use

Question 5

Cloud Deployment Models

Answer 5

Public
Private
Hybrid
Community

Question 6

Cloud as a Subject

Answer 6

a crime in which the attackers try to compromise the security of a cloud environment to steal data or inject a malware.

Question 7

Cloud as a Object

Answer 7

when the attacker uses the cloud to commit a crime targeted towards the CSP. In this case, the main aim of the attacker is to impact cloud service provider than cloud environment.

Question 8

Cloud as a Tool

Answer 8

when the attacker uses one compromised cloud account to attack other accounts. In such cases, both the source and target cloud can store the evidence data.

Question 9

Dropbox

Answer 9

Dropbox comes with a feature called extended version history (EVH), which saves all the deleted and previous versions of the files by default. Dropbox offers this service in two versions, the free and the Dropbox Pro variant. The main difference is that the free version will store the previous versions of deleted files for 30 days, while the pro version can access any version at any given time.

Question 10

Where is Dropbox client installed at on Win 10?

Answer 10

C:\Program Files (x86)\Dropbox

Question 11

Dropbox default folder for syncing is saved?

Answer 11

C:\Users\Dropbox

Question 12

Dropbox Registry Keys

Answer 12

1. HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
2. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIco nOverlayIdentifiers\DropboxExt(n)
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dropbox
4. HKLM\SOFTWARE\Classes\DropboxUpdate.ProcessLauncher
5. HKLM\SOFTWARE\Dropbox\InstallPath
6. HKLM\SOFTWARE\Dropbox\Client\Version

Question 13

Where is the Dropbox config.db stored?

Answer 13

Path - C:\Users\AppData\Local\Dropbox\instance(n)

Question 14

What is the Dropbox config.db?

Answer 14

What is it for? - Contains some information about local Dropbox installation and account. Lists the email IDs linked with the account, current version/build for the local application, the host_id, and local path information “config.dbx” is an encrypted variant of “config.db”

Question 15

Where is the Dropbox filecache.db located?

Answer 15

C:\Users\AppData\Local\Dropbox\instance(n)

Question 16

What is the Dropbox filecache.db?

Answer 16

It consists of several columns of which, “file_journal” is important as it contains a list of all directories and files inside “Dropbox”. It appears as if they are existing files, not deleted ones.

Question 17

Where is the Dropbox sigstore.db located?

Answer 17

Path - C:\Users\AppData\Local\Dropbox\instance(n)

Question 18

What is the Dropbox sigstore.db?

Answer 18

Records SHA-256 hash and each file’s size information

Question 19

Where is the Dropbox host.db?

Answer 19

C:\Users\AppData\Local\Dropbox

Question 20

What is the Dropbox host.db?

Answer 20

plain text file containing hash value(s) of usernames

Question 21

Where is the Dropbox unlink.db?

Answer 21

Path - C:\Users\AppData\Local\Dropbox

Question 22

What is the Dropbox unlink.db?

Answer 22

binary/database file

Question 23

Where is the Dropbox .dropbox.cache

Answer 23

C:\Users\Dropbox

Question 24

What is the Dropbox .dropbox.cache?

Answer 24

It is a hidden directory located at the root Dropbox folder that is used as a staging area for downloading and uploading files

Question 25

Where is Google Drive client install located?

Answer 25

C:\Program Files (x86)\Google\Drive

Question 26

Where is the Google Drive Syncing folder?

Answer 26

C:\Users\Google Drive

Question 27

Google Drive Registry Keys

Answer 27

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders HKCU\SOFTWARE\Google\Drive HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GoogleDriveSync HKCU\SOFTWARE\Classes

Question 28

Sync_config.db is?.

Answer 28

Sync_config.db is a database file for the Google Drive Client that contains several records including the Google Drive version, the local sync root path, and the user’s email address.