Forensic investigation of OneDrive, Box, GoogleDrive and Dropbox applications on Android and iOS devices

Daryabar, F, Dehghantanha, A ORCID:, Eterovic-Soric, B and Choo, KR 2016, 'Forensic investigation of OneDrive, Box, GoogleDrive and Dropbox applications on Android and iOS devices' , Australian Journal of Forensic Sciences, 48 (6) , pp. 615-642.

[img] PDF - Published Version
Restricted to Repository staff only

Download (4MB)


In today’s Internet-connected world, mobile devices are increasingly used to access cloud storage services, which allow users to access data anywhere, anytime. Mobile devices have, however, been known to be used and/or targeted by cyber criminals to conduct malicious activities, such as data exfiltration, malware, identity theft, piracy, illegal trading, sexual harassment, cyber stalking and cyber terrorism. Consequently, mobile devices are an increasing important source of evidence in digital investigations. In this paper, we examine four popular cloud client apps, namely OneDrive, Box, GoogleDrive, and Dropbox, on both Android and iOS platforms (two of the most popular mobile operating systems). We identify artefacts of forensic interest, such as information generated during login, uploading, downloading, deletion, and the sharing of files. These findings may assist forensic examiners and practitioners in real-world examination of cloud client applications on Android and iOS platforms.

Item Type: Article
Schools: Schools > School of Computing, Science and Engineering
Journal or Publication Title: Australian Journal of Forensic Sciences
Publisher: Taylor & Francis
ISSN: 0045-0618
Related URLs:
Funders: Non funded research
Depositing User: Dr. Ali Dehghantanha
Date Deposited: 07 Mar 2016 11:59
Last Modified: 16 Feb 2022 17:36

Actions (login required)

Edit record (repository staff only) Edit record (repository staff only)


Downloads per month over past year