# Cloud service artifacts.
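# Umbrella artifact: collecting it pulls in the three cloud storage client
# artifacts named below, each defined as its own document in this file.
name: CloudStorageClients
doc: Multiple cloud storage client artifacts.
sources:
- type: ARTIFACT_GROUP
  attributes:
    # Each entry must match the `name` of another artifact definition exactly.
    names:
    - 'DropboxClient'
    - 'GoogleDriveClient'
    - 'SkyDriveClient'
labels: [Cloud Storage]
# Union of the members' platforms. Of the three members only DropboxClient
# defines a Linux source, so on Linux this group yields Dropbox data only.
supported_os: [Darwin, Linux, Windows]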
---
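# Per-user Dropbox client database files on Windows, macOS and Linux.
# The %%users.*%% placeholders are expanded per user profile by the
# collection tool.
name: DropboxClient
doc: Dropbox cloud storage client artifacts.
sources:
# Windows: Dropbox directory under both roaming and local AppData.
- type: FILE
  attributes:
    paths:
    # The trailing wildcard in `*.db*` also matches names that continue after
    # `.db`, so suffixed variants next to a database are picked up too.
    # NOTE(review): the glob covers only files directly in the Dropbox
    # directory; confirm whether the client versions in scope keep their
    # databases in a subdirectory that this pattern would miss.
    - '%%users.appdata%%\Dropbox\*.db*'
    - '%%users.localappdata%%\Dropbox\*.db*'
    # Single quotes keep the backslash literal.
    separator: '\'
  supported_os: [Windows]
# macOS and Linux: hidden .dropbox directory in the user's home directory.
- type: FILE
  attributes:
    paths:
    - '%%users.homedir%%/.dropbox/*.db*'
  supported_os: [Darwin, Linux]
supported_os: [Darwin, Linux, Windows]
labels: [Cloud Storage]
# NOTE(review): the reference is plain http; confirm the link still resolves.
urls: ['http://www.forensicswiki.org/wiki/Dropbox']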
---
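# Per-user Google Drive client databases and sync logs on Windows and macOS.
# No Linux source is defined for this artifact.
name: GoogleDriveClient
doc: Google Drive cloud storage client artifacts.
sources:
# Windows: files in the Drive directory itself and in its user_default
# subdirectory.
- type: FILE
  attributes:
    paths:
    # NOTE(review): the .db entries are exact file names, unlike the
    # `sync_config.log*` globs. If the client keeps database side files
    # (for example journal files) next to them, they are not collected.
    # Confirm whether that matters for the versions in scope.
    - '%%users.localappdata%%\Google\Drive\snapshot.db'
    - '%%users.localappdata%%\Google\Drive\sync_config.db'
    - '%%users.localappdata%%\Google\Drive\sync_config.log*'
    - '%%users.localappdata%%\Google\Drive\user_default\snapshot.db'
    - '%%users.localappdata%%\Google\Drive\user_default\sync_config.db'
    - '%%users.localappdata%%\Google\Drive\user_default\sync_config.log*'
    # Single quotes keep the backslash literal.
    separator: '\'
  supported_os: [Windows]
# macOS: the same six files under the user's Application Support directory.
- type: FILE
  attributes:
    paths:
    - '%%users.homedir%%/Library/Application Support/Google/Drive/snapshot.db'
    - '%%users.homedir%%/Library/Application Support/Google/Drive/sync_config.db'
    - '%%users.homedir%%/Library/Application Support/Google/Drive/sync_config.log*'
    - '%%users.homedir%%/Library/Application Support/Google/Drive/user_default/snapshot.db'
    - '%%users.homedir%%/Library/Application Support/Google/Drive/user_default/sync_config.db'
    - '%%users.homedir%%/Library/Application Support/Google/Drive/user_default/sync_config.log*'
  supported_os: [Darwin]
supported_os: [Darwin, Windows]
labels: [Cloud Storage]
# NOTE(review): the reference is plain http; confirm the link still resolves.
urls: ['http://www.forensicswiki.org/wiki/Google_Drive']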
---
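# Per-user Microsoft SkyDrive client logs and settings files, Windows only.
name: SkyDriveClient
doc: |
  Microsoft Sky Drive cloud storage client artifacts.
  Note that Sky Drive was renamed to One Drive.
sources:
- type: FILE
  attributes:
    paths:
    # NOTE(review): every path sits under Microsoft\SkyDrive. The doc text
    # says the product was renamed to One Drive, so confirm whether renamed
    # clients write to a different directory that needs its own artifact or
    # additional paths; as written those hosts would return nothing.
    - '%%users.localappdata%%\Microsoft\SkyDrive\logs\*.log'
    - '%%users.localappdata%%\Microsoft\SkyDrive\setup\logs\*.log'
    - '%%users.localappdata%%\Microsoft\SkyDrive\settings\ApplicationSettings.xml'
    - '%%users.localappdata%%\Microsoft\SkyDrive\settings\*.dat'
    - '%%users.localappdata%%\Microsoft\SkyDrive\settings\*.ini'
    # Single quotes keep the backslash literal.
    separator: '\'
  supported_os: [Windows]
supported_os: [Windows]
labels: [Cloud Storage]
# NOTE(review): the reference is plain http; confirm the link still resolves.
urls: ['http://forensicswiki.org/wiki/One_Drive#Sky_Drive_client']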