A forensic analysis of rclone and rclone's prospects for digital forensic investigations of cloud storage. (September 2022)
- Record Type:
- Journal Article
- Title:
- A forensic analysis of rclone and rclone's prospects for digital forensic investigations of cloud storage. (September 2022)
- Main Title:
- A forensic analysis of rclone and rclone's prospects for digital forensic investigations of cloud storage
- Authors:
- Breitinger, Frank
- Zhang, Xiaolu
- Quick, Darren
- Abstract:
- Organizations and end users are moving their data into the cloud and trust Cloud Storage Providers (CSP) such as pCloud, Dropbox, or Backblaze. Given their popularity, it is likely that forensic examiners encounter one or more online storage types that they will have to acquire and analyze during an investigation. To access cloud storage, CSPs provide web-interfaces, proprietary software solutions (e.g., Dropbox client for Windows) as well as APIs allowing third-party access. One of these third-party applications is rclone, which is an open-source tool to access many common CSPs through a command line interface. In this article, we look at rclone from two perspectives: First, we perform a forensic analysis on rclone and discuss aspects such as password recovery of the configuration file, encryption, and JA3 fingerprints. Second, we discuss rclone as a prospect to be a forensic tool, which includes its read-only mount feature and sample cases. Under the circumstances tested, rclone is suitable for forensic practitioners as it is open-source, documented, and includes some essential functionality frequently needed, but practitioners need to be aware of the caveats.
- Is Part Of:
- Forensic science international. Volume 43(2022)Supplement
- Journal:
- Forensic science international
- Issue:
- Volume 43(2022)Supplement
- Issue Display:
- Volume 43, Issue 2022 (2022)
- Year:
- 2022
- Volume:
- 43
- Issue:
- 2022
- Issue Sort Value:
- 2022-0043-2022-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-09
- Subjects:
- Rclone -- Cloud storage -- Acquisition -- Application forensics -- Cloud computing forensics
- Journal URLs:
- http://www.sciencedirect.com/
- DOI:
- 10.1016/j.fsidi.2022.301443
- Languages:
- English
- ISSNs:
- 2666-2817
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
- British Library HMNTS - ELD Digital store
- Ingest File:
- 23954.xml