From ForensicsWiki
Revision as of 15:52, 22 April 2014 by Joachim Metz (Talk | contribs) (External Links)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Dropbox is a service with dedicated applications allowing people to share their files between multiple computers (including smartphones) and each other. It is thus similar in purpose to Wuala, SpiderOak and Box.com.


Dropbox has been shown to have major design flaws, making it very insecure. A key problem is that the files are encrypted by Dropbox's servers, which allows Dropbox (and legal authorities) to get access to the files. In June 2011 Dropbox accidentally broke their authentication control system and allowed access to any account without a password, and thus potentially every user's files to be exposed to the world.

Client Application

The Dropbox client running on windows was analyzed and shown to leave a significant amount of data debris behind when deleted. An overview of the report is here. Even after deletion of the application, this would allow a forensic analyst to detect that Dropbox has been in use, potentially identify other computers linked to the same account, and potentially recover files that were shared using the service.

Server-side file encryption has some benefits to both user and provider, in that if someone uploads a file already stored by Dropbox, then the client makes a fingerprint (hash) of the file and Dropbox's servers will flag that the file doesn't need to be uploaded, so the client "upload" process completes much faster. However, this also means that it is possible to detect if a file has already been stored by Dropbox, and therefore a legal authority can take action against Dropbox to identify other "owners".

Server Side

According to online help, "All files stored online by Dropbox are encrypted and kept securely on Amazon's Simple Storage Service (S3) in multiple data centers located across the United States."

Forensic Tools

Dropbox Reader was released in June 2011 by Cybermarshal, the computer forensics wing of ATC-NY. The command-line scripts can parse forensic artifacts from a client machine.

External Links