Cloud storage investigation tool Dropbox Reader

Drobbox is an online cloud storage service with millions of users, they claim to keep the data encrypted but their terms and conditions state that (using slightly different wording) there is a backdoor to your private data to allow USA authorities to access it with a subpoena. Besides being unethical it is also a security risk because any backdoor that encryption has can be exploited by the bad guys, without one your data will be more secure from malicious hacking.

Computer hacking forensic investigator

Computer hacking forensic investigator

In case using Dropbox back-doored cloud storage does not put you off, a command line computer forensics investigation tool targeting Dropbox users has been released by Architecture Technology Corporation, the tool takes advantage of Dropbox database files and it is meant to be used by computer forensic experts to aid them in their investigation. In real life, anyone with a little Python and Unix knowledge, bad and good people alike, can use this free tool to get data out of Dropbox user’s.

Dropbox Reader can get the user’s email address, Dropbox identifier, software version being used, a list of recently changed files stored in config.db, ¬†even without the actualy physical files, names many times reveal clues about the files content, Dropbox Reader can also get a list of files marked for synchronization and the shared directories, stored in filecache.db.

When Dropbox is installed it makes changes in the Windows registry, an investigator should be able to find out that Dropbox has been previously installed by just looking at the Windows registry keys and get some information out of Dropbox even when this has been uninstalled, when uninstalled Dropbox removes the database but keeps the installation directory in place.

Visit  Dropbox Reader homepage

Leave a Reply