Analysis of Evidence in Cloud Storage Client Applications on the Windows Platform

Document Type

Contribution to Book

Publication Date


Publication Title

Proceedings of the International Conference on Security and Management


In the research proposed in this paper, we present an approach to conduct a simple forensic analysis of cloud client storage applications on a Windows 8.1 virtual machine, in order to find possible traces left on the system that indicate the use of the cloud storage client applications even after the application is deleted. Our analysis focuses on the locations where evidence can be gathered and on the different types of files that can constitute possible evidence. The aim of this work is to collect data remnants from different cloud client applications once the applications is installed; remove the application and look for data remnants. Finally, we try to recover files that may have been deleted from the storage space.