Forensic Investigation of Smartphone Cloud Storage Applications

Aiza Aqeel Abbasi, Shahzad Saleem, Roha Zulqarnain


Advances in technology allow people to access data through smartphones regardless of time and place. Because of the wide range of applications that interest users, dependency on mobile devices has increased. Cloud storage applications are rapidly attracting users' attention and will continue to enjoy this ever-increasing popularity in the near future. This makes them an important potential container of evidence during an investigation, so it is important for forensic practitioners to keep pace with technological advancements. This paper addresses the above-mentioned problem following the NIST methodology: bit-by-bit image(s) of an Android phone are analyzed to explore the containers from which important artifacts of user activity can be retrieved. The study aims to help the investigative process by scrutinizing two cloud storage applications, Cubby and IDrive. As a result, interesting locations were identified from which security vulnerabilities and other shortcomings were exposed. Overall, the study concludes that the security of Cubby is far better than that of IDrive.


cyber security, mobile forensics, storage applications, forensic investigators, cloud computing





ISSN: 2070-9900