File: cloud_services.yaml

forensic-artifacts 20201106-1
# Cloud service artifacts.

# Umbrella artifact: it has no paths of its own and only references the three
# client artifacts listed under `names`, all of which are defined in this file.
name: CloudStorageClients
doc: Multiple cloud storage client artifacts.
sources:
- type: ARTIFACT_GROUP
  attributes:
    names:
    - 'DropboxClient'
    - 'GoogleDriveClient'
    - 'SkyDriveClient'
labels: [Cloud Storage]
# Widest platform set of the members, not a guarantee per member:
# GoogleDriveClient declares Darwin and Windows only, SkyDriveClient Windows
# only, so on Linux only the DropboxClient member has a matching source.
supported_os: [Darwin,Linux,Windows]
---
# Dropbox desktop client files, looked up once per user profile through the
# %%users.*%% placeholders.
name: DropboxClient
doc: Dropbox cloud storage client artifacts.
sources:
# Windows: both the roaming (appdata) and the local (localappdata) profile
# directories are searched.
- type: FILE
  attributes:
    paths:
    # `*.db*` is wider than `*.db`: any file whose name contains ".db" followed
    # by further characters matches as well. The pattern names files directly
    # inside the Dropbox directory and contains no recursive component.
    # NOTE(review): a client that keeps its databases in a subdirectory of
    # Dropbox\ would yield no hits here; confirm against a current install
    # before reading an empty result as "Dropbox not present".
    - '%%users.appdata%%\Dropbox\*.db*'
    - '%%users.localappdata%%\Dropbox\*.db*'
    # Path separator used by the Windows paths above.
    separator: '\'
  supported_os: [Windows]
# macOS and Linux share one hidden directory in the user's home; the same
# non-recursive `*.db*` pattern applies.
- type: FILE
  attributes:
    paths:
    - '%%users.homedir%%/.dropbox/*.db*'
  supported_os: [Darwin,Linux]
# Combined platform list of the two sources above.
supported_os: [Darwin,Linux,Windows]
labels: [Cloud Storage]
urls: ['https://forensicswiki.xyz/wiki/index.php?title=Dropbox']
---
# Google Drive sync client state: the snapshot database, the sync
# configuration database and the sync_config log files, per user profile.
name: GoogleDriveClient
doc: Google Drive cloud storage client artifacts.
sources:
# Windows: each file is listed twice, once directly under Google\Drive and
# once under the user_default subdirectory. Only the log entries use a
# wildcard; the .db entries are exact file names.
# NOTE(review): every path is rooted at Google\Drive. A client generation that
# stores its data elsewhere (Google's later desktop client is understood to use
# a separate DriveFS directory) is not covered; confirm before relying on this
# artifact for current installs.
- type: FILE
  attributes:
    paths:
    - '%%users.localappdata%%\Google\Drive\snapshot.db'
    - '%%users.localappdata%%\Google\Drive\sync_config.db'
    - '%%users.localappdata%%\Google\Drive\sync_config.log*'
    - '%%users.localappdata%%\Google\Drive\user_default\snapshot.db'
    - '%%users.localappdata%%\Google\Drive\user_default\sync_config.db'
    - '%%users.localappdata%%\Google\Drive\user_default\sync_config.log*'
    # Path separator used by the Windows paths above.
    separator: '\'
  supported_os: [Windows]
# macOS: the same six files under the per-user Application Support directory.
# The path contains spaces, so the collector must pass it through unsplit.
- type: FILE
  attributes:
    paths:
    - '%%users.homedir%%/Library/Application Support/Google/Drive/snapshot.db'
    - '%%users.homedir%%/Library/Application Support/Google/Drive/sync_config.db'
    - '%%users.homedir%%/Library/Application Support/Google/Drive/sync_config.log*'
    - '%%users.homedir%%/Library/Application Support/Google/Drive/user_default/snapshot.db'
    - '%%users.homedir%%/Library/Application Support/Google/Drive/user_default/sync_config.db'
    - '%%users.homedir%%/Library/Application Support/Google/Drive/user_default/sync_config.log*'
  supported_os: [Darwin]
# No Linux source is defined, so Linux is absent from the platform list.
supported_os: [Darwin, Windows]
labels: [Cloud Storage]
urls: ['https://forensicswiki.xyz/wiki/index.php?title=Google_Drive']
---
# Microsoft SkyDrive client logs and settings on Windows, per user profile.
name: SkyDriveClient
doc: |
  Microsoft Sky Drive cloud storage client artifacts.

  Note that Sky Drive was renamed to One Drive.
sources:
# Collected: client and setup logs (*.log), ApplicationSettings.xml, and the
# *.dat / *.ini files in the settings directory.
# NOTE(review): every path is rooted at Microsoft\SkyDrive. The doc text records
# the rename to One Drive; a client installed under the new name in a
# differently named directory would not match any of these paths. Confirm
# coverage before reading an empty result as "no Microsoft sync client".
- type: FILE
  attributes:
    paths:
    - '%%users.localappdata%%\Microsoft\SkyDrive\logs\*.log'
    - '%%users.localappdata%%\Microsoft\SkyDrive\setup\logs\*.log'
    - '%%users.localappdata%%\Microsoft\SkyDrive\settings\ApplicationSettings.xml'
    - '%%users.localappdata%%\Microsoft\SkyDrive\settings\*.dat'
    - '%%users.localappdata%%\Microsoft\SkyDrive\settings\*.ini'
    # Path separator used by the Windows paths above.
    separator: '\'
  supported_os: [Windows]
# Windows is the only platform with a source in this artifact.
supported_os: [Windows]
labels: [Cloud Storage]
urls: ['https://forensicswiki.xyz/wiki/index.php?title=One_Drive#Sky_Drive_client']