Cloud storage is now a well established and popular service adopted by many individuals, often at limited or no cost. It provides users with the ability to store content on a cloud service provider’s infrastructure offering the benefit of redundancy, reliability, security, flexibility of access and the potential assumed liability of the provider for data loss within the contexts of a licensing agreement. Consequently, this form of remote storage provides a regulatory challenge as content which once resided upon a seized digital exhibit, available for scrutiny during a digital forensic investigatory, may no longer be present where attempting to acquire access to it creates costing and juridical difficulties. This article offers a digital forensic examination of trace-evidence left in the Internet browser cache following cloud storage account usage and interaction. Following interactions with Dropbox and Google Drive in the Chrome browser, testing demonstrates the possibility to recover data capable of facilitating a partial reconstruction of a user’s cloud storage account, with results offered and contextualised.
|Journal||Journal of Digital Forensics, Security and Law|
|Publication status||Accepted/In press - 15 Nov 2019|