File: cloud_services.yaml

package info (click to toggle)
forensic-artifacts 20230928-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 996 kB
  • sloc: python: 1,939; sh: 22; makefile: 11
file content (79 lines) | stat: -rw-r--r-- 2,787 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
 
# Cloud service artifacts.
---
name: CloudStorageClients
doc: Multiple cloud storage client artifacts.
sources:
- type: ARTIFACT_GROUP
  attributes:
    names:
    - 'DropboxClient'
    - 'GoogleDriveClient'
    - 'SkyDriveClient'
supported_os: [Darwin, Linux, Windows]
---
name: DropboxClient
doc: Dropbox cloud storage client artifacts.
sources:
- type: FILE
  attributes:
    paths:
    - '%%users.appdata%%\Dropbox\*.db*'
    - '%%users.localappdata%%\Dropbox\*.db*'
    - '%%users.localappdata%%\Dropbox\instance*\sync_history.db'
    separator: '\'
  supported_os: [Windows]
- type: FILE
  attributes:
    paths:
    - '%%users.homedir%%/.dropbox/*.db*'
    - '%%users.homedir%%/.dropbox/instance*/sync_history.db'
  supported_os: [Darwin, Linux]
supported_os: [Darwin, Linux, Windows]
urls: ['https://forensics.wiki/dropbox']
---
name: GoogleDriveClient
doc: Google Drive cloud storage client artifacts.
sources:
- type: FILE
  attributes:
    paths:
    - '%%users.localappdata%%\Google\Drive\snapshot.db'
    - '%%users.localappdata%%\Google\Drive\sync_config.db'
    - '%%users.localappdata%%\Google\Drive\sync_config.log*'
    - '%%users.localappdata%%\Google\Drive\user_default\snapshot.db'
    - '%%users.localappdata%%\Google\Drive\user_default\sync_config.db'
    - '%%users.localappdata%%\Google\Drive\user_default\sync_config.log*'
    - '%%users.localappdata%%\Google\Drive\user_default\sync_log.log*'
    separator: '\'
  supported_os: [Windows]
- type: FILE
  attributes:
    paths:
    - '%%users.homedir%%/Library/Application Support/Google/Drive/snapshot.db'
    - '%%users.homedir%%/Library/Application Support/Google/Drive/sync_config.db'
    - '%%users.homedir%%/Library/Application Support/Google/Drive/sync_config.log*'
    - '%%users.homedir%%/Library/Application Support/Google/Drive/user_default/snapshot.db'
    - '%%users.homedir%%/Library/Application Support/Google/Drive/user_default/sync_config.db'
    - '%%users.homedir%%/Library/Application Support/Google/Drive/user_default/sync_config.log*'
  supported_os: [Darwin]
supported_os: [Darwin, Windows]
urls: ['https://forensics.wiki/google_drive']
---
name: SkyDriveClient
doc: |
  Microsoft Sky Drive cloud storage client artifacts.

  Note that Sky Drive was renamed to One Drive.
sources:
- type: FILE
  attributes:
    paths:
    - '%%users.localappdata%%\Microsoft\SkyDrive\logs\*.log'
    - '%%users.localappdata%%\Microsoft\SkyDrive\setup\logs\*.log'
    - '%%users.localappdata%%\Microsoft\SkyDrive\settings\ApplicationSettings.xml'
    - '%%users.localappdata%%\Microsoft\SkyDrive\settings\*.dat'
    - '%%users.localappdata%%\Microsoft\SkyDrive\settings\*.ini'
    separator: '\'
  supported_os: [Windows]
supported_os: [Windows]
urls: ['https://forensics.wiki/one_drive#sky-drive-client']