Cloud Forensics Flashcards
Cloud Service Models
IaaS
PaaS
SaaS
IaaS
This cloud computing service enables subscribers to use fundamental IT resources such as computing power, virtualization, data storage, network, and so on, on demand. As cloud service providers are responsible for managing the underlying cloud-computing infrastructure, subscribers can avoid costs of human capital, hardware, and others (e.g., Amazon EC2, Go grid, Sungrid, Windows SkyDrive).
PaaS
This service offers the platform for the development of applications and services. Subscribers need not buy and manage the software and infrastructure underneath it but have authority over deployed applications and perhaps application hosting environment configurations. Advantages of writing applications in the PaaS environment include dynamic scalability, automated backups, and other platform services, without the need to explicitly code for i
SaaS
This cloud computing service offers application software to subscribers on demand, over the Internet. The provider charges for it on a pay-per-use basis, by subscription, by advertising, or by sharing among multiple use
Cloud Deployment Models
Public
Private
Hybrid
Community
Cloud as a Subject
A crime in which the attackers try to compromise the security of a cloud environment to steal data or inject malware.
Cloud as an Object
When the attacker uses the cloud to commit a crime targeted towards the CSP. In this case, the main aim of the attacker is to impact the cloud service provider rather than the cloud environment.
Cloud as a Tool
When the attacker uses one compromised cloud account to attack other accounts. In such cases, both the source and target cloud can store the evidence data.
Dropbox
Dropbox comes with a feature called extended version history (EVH), which saves all the deleted and previous versions of the files by default. Dropbox offers this service in two versions, the free and the Dropbox Pro variant. The main difference is that the free version will store the previous versions of deleted files for 30 days, while the pro version can access any version at any given time.
Where is the Dropbox client installed on Win 10?
C:\Program Files (x86)\Dropbox
Where is the default Dropbox sync folder saved?
C:\Users\Dropbox
Dropbox Registry Keys
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt(n)
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dropbox
- HKLM\SOFTWARE\Classes\DropboxUpdate.ProcessLauncher
- HKLM\SOFTWARE\Dropbox\InstallPath
- HKLM\SOFTWARE\Dropbox\Client\Version
Where is the Dropbox config.db stored?
Path - C:\Users\AppData\Local\Dropbox\instance(n)
What is the Dropbox config.db?
What is it for? - Contains some information about the local Dropbox installation and account. Lists the email IDs linked with the account, the current version/build of the local application, the host_id, and local path information. “config.dbx” is an encrypted variant of “config.db”.
Where is the Dropbox filecache.db located?
C:\Users\AppData\Local\Dropbox\instance(n)
What is the Dropbox filecache.db?
It consists of several columns, of which “file_journal” is important, as it contains a list of all directories and files inside “Dropbox”. They appear as if they are existing files, not deleted ones.
Where is the Dropbox sigstore.db located?
Path - C:\Users\AppData\Local\Dropbox\instance(n)
What is the Dropbox sigstore.db?
Records the SHA-256 hash and size information of each file.
Where is the Dropbox host.db?
C:\Users\AppData\Local\Dropbox
What is the Dropbox host.db?
Plain text file containing hash value(s) of usernames
Where is the Dropbox unlink.db?
Path - C:\Users\AppData\Local\Dropbox
What is the Dropbox unlink.db?
Binary/database file
Where is the Dropbox .dropbox.cache?
C:\Users\Dropbox
What is the Dropbox .dropbox.cache?
It is a hidden directory located at the root Dropbox folder that is used as a staging area for downloading and uploading files.
Where is the Google Drive client installed?
C:\Program Files (x86)\Google\Drive
Where is the Google Drive sync folder?
C:\Users\Google Drive
Google Drive Registry Keys
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
- HKCU\SOFTWARE\Google\Drive
- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GoogleDriveSync
- HKCU\SOFTWARE\Classes
What is Sync_config.db?
Sync_config.db is a database file for the Google Drive Client that contains several records including the Google Drive version, the local sync root path, and the user’s email address.