Amazon Cloud Drive forensic analysis

Cloud storage is becoming increasingly popular among individuals and businesses. Amazon Cloud Drive is a flavor of cloud-based storage that allows users to transfer files to and from multiple computers, with or without the use of a separate application that must be installed on the user's machine. This paper discusses the digital artifacts left behind after an Amazon Cloud Drive has been accessed or manipulated from a computer. Methods available to a forensic examiner that can be used to determine file transfers that occurred to and from an Amazon Cloud Drive on a computer, as well as retrieving relevant Cloud Drive artifacts from unallocated space is discussed in this paper. Two Perl scripts are also introduced to help automate the process of retrieving information from Amazon Cloud Drive artifacts. (C) 2013 Elsevier Ltd. All rights reserved.