Abstract:
Smartphones are essential and useful tools that make daily tasks easier and hassle-free. A large
storage capacity is a key feature required in mobile phones. However, once a phone is lost or
damaged, data retrieval is challenging. For data backups and remote access of data, millions of
people are using cloud-based storage applications such as Box, Dropbox, Microsoft OneDrive, etc.
Apart from the large positives of usage, many negative activities by criminals and unauthorized
personals can also be performed and data may be theft, shared, transferred, or stored illegally with
bad intentions. As the number of users is growing, security and privacy concerns about data &
fraudulent activities are increasing. Hence, a forensic analysis of unauthorized activities on cloud based applications is required. The purpose of this research is to identify and classify the data
remnants stored on the Android-based cloud storage applications that further facilitate the
investigator to help in the investigation process. In this study, three Android-based cloud storage
applications are employed for research. The analysis is conducted on the physical images taken
after the rooting device. For forensic analysis, four major activities i.e., App Download &
Installation, Account Creation & Registration, User Activities, and App Uninstallation & Deletion
are investigated that identify relevant key artifacts. These artifacts include device info, sim info,
registered play store account, email address, applications detailed info, user activities, data or items
stored on these apps, the preview of these files, and file info. This research can be further carried
out for forensic analysis of iOS applications in the future.
