Abstract
The increasing use of smartphones and cloud storage apps allows users to access their data anywhere, anytime. Due to the potential of mobile devices being used and/or targeted by criminals, such devices are an important source of evidence in investigations of both cybercrime and traditional crimes, such as drug trafficking. In this paper, we study the MEGA cloud client app, an increasingly popular alternative to Google Drive, Dropbox and OneDrive, on both Android and iOS platforms. In our study, we identify a range of artefacts arising from user activities, such as login, uploading, downloading, deletion, and the sharing of files, which could be forensically recovered, as well as findings such as modification of files’ timestamps. Our findings contribute to an up-to-date understanding of cloud storage forensics.
Acknowledgment
The views and opinions expressed in this article are those of the authors alone and not the organisations with whom the authors are or have been associated and supported.