/usr/share/artifacts/cloud_services.yaml is in forensic-artifacts 20161022-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 | # Cloud service artifacts.
name: CloudStorageClients
doc: Multiple cloud storage client artifacts.
sources:
- type: ARTIFACT_GROUP
attributes:
names:
- 'DropboxClient'
- 'GoogleDriveClient'
- 'SkyDriveClient'
labels: [Cloud Storage]
supported_os: [Darwin,Linux,Windows]
---
name: DropboxClient
doc: Dropbox cloud storage client artifacts.
sources:
- type: FILE
attributes:
paths:
- '%%users.appdata%%\Dropbox\*.db*'
- '%%users.localappdata%%\Dropbox\*.db*'
supported_os: [Windows]
- type: FILE
attributes:
paths:
- '%%users.homedir%%/.dropbox/*.db*'
supported_os: [Darwin,Linux]
supported_os: [Darwin,Linux,Windows]
labels: [Cloud Storage]
urls: ['http://www.forensicswiki.org/wiki/Dropbox']
---
name: GoogleDriveClient
doc: Google Drive cloud storage client artifacts.
sources:
- type: FILE
attributes:
paths:
- '%%users.localappdata%%\Google\Drive\snapshot.db'
- '%%users.localappdata%%\Google\Drive\sync_config.db'
- '%%users.localappdata%%\Google\Drive\sync_config.log*'
- '%%users.localappdata%%\Google\Drive\user_default\snapshot.db'
- '%%users.localappdata%%\Google\Drive\user_default\sync_config.db'
- '%%users.localappdata%%\Google\Drive\user_default\sync_config.log*'
supported_os: [Windows]
supported_os: [Windows]
labels: [Cloud Storage]
urls: ['http://www.forensicswiki.org/wiki/Google_Drive']
---
name: SkyDriveClient
doc: |
Microsoft Sky Drive cloud storage client artifacts.
Note that Sky Drive was renamed to One Drive.
sources:
- type: FILE
attributes:
paths:
- '%%users.localappdata%%\Microsoft\SkyDrive\logs\*.log'
- '%%users.localappdata%%\Microsoft\SkyDrive\setup\logs\*.log'
- '%%users.localappdata%%\Microsoft\SkyDrive\settings\ApplicationSettings.xml'
- '%%users.localappdata%%\Microsoft\SkyDrive\settings\*.dat'
- '%%users.localappdata%%\Microsoft\SkyDrive\settings\*.ini'
supported_os: [Windows]
supported_os: [Windows]
labels: [Cloud Storage]
urls: ['http://forensicswiki.org/wiki/One_Drive#Sky_Drive_client']
|