Forensics tool exposes Dropbox files

By Darren Pauli on Jun 21, 2011 1:21 PM
Filed under Security
 

Dropbox identities laid bare across Windows, Linux and Mac.

A forensic tool has been released that allows private files on the Dropbox online hosting service to be read.

Its developer, ATC-NY, claims the tool will reveal a user's email address, Dropbox identifier, recent files and shared directories.

Dropbox is a cloud based system that provides a free storage and sharing service from desktops and mobile devices for some 25 million users.

The company claims that it “uses the same secure methods as banks and the military” and prevents its staff from accessing customer data.

But now a new forensic tool, Dropbox Reader, could make it easier for investigators to crack open Dropbox.

The program is a series of six command-line Python scripts that parse Dropbox configuration and cache files using Windows, Mac OS X, and Linux.

ATC-NY described the functions of each Python script:

  • read_config: script outputs the contents of the Dropbox config.db file in human-readable form. This includes the user's registered e-mail address and Dropbox identifier, software version information, and a list of the most-recently-changed files.
  • read_filecache_config: script outputs configuration information from the Dropbox filecache.db file. This includes information about shared directories that are attached to the user's Dropbox account.
  • read_filejournal: script outputs information about Dropbox synchronised files stored in the filecache.db file. This includes local and server-side metadata and a list of block hashes for each Dropbox-synchronised file.
  • read_sigstore: script outputs information from the Dropbox sigstore.db file, which is an additional source of block hashes.
  • hash_blocks: script produces a block hash list for any file. This block hash list can be compared to the block hashes from read_filejournal or read_sigstore.
  • dropbox_contains_file: script hashes one or more files (as per hash_blocks) and compares the resulting block hash list to the files listed in filecache.db (as per read_filejournal) and reports whether the files are partially or exactly the same as any Dropbox-synchronised files.

Copyright © SC Magazine, Australia


Forensics tool exposes Dropbox files
Vizzual, CC2.0
2 comments in this discussion
"I guess 'mrhasbean' that "Private and Confidential" is absolutely a thing of the past for those who insist on using functions such as a "cloud based system that provides a free storage and sharing ..."
By dubious
 
Tags
dropbox, forensics, cloud computing, storage
Related Articles
Breaking Stories
 
Readers of this article also read...
 
Comments: 2
mrhasbean
Jun 21, 2011 3:43 PM
 Translation: "Private and Confidential" are, and will forever continue to be, concepts from the past...
dubious
Jun 21, 2011 4:52 PM
 I guess 'mrhasbean' that "Private and Confidential" is absolutely a thing of the past for those who insist on using functions such as a "cloud based system that provides a free storage and sharing service from desktops and mobile devices"...

'Traditional' emailing of password protected encrypted zip files are also a thing of the past?
Comments have been disabled for this article.
 
 
Top Stories
ATO commits to complexity
ATO commits to complexity
Greater demand, fewer apps.
 
Photos: AusCERT 2013 day two
Photos: AusCERT 2013 day two
The second day of the Queensland security conference.
 
The illusion of cognitive computing
The illusion of cognitive computing
Opinion: IBM's Watson is a marketing success.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

Bankwest builds continuous delivery capability
Bankwest builds continuous delivery capability
To automatically deploy test/dev sandboxes by mid-year.
Veterans' Affairs sets sights on modernisation
Veterans' Affairs sets sights on modernisation
Data safe with Human Services, CIO says.
Citi Australia drops platform customisations
Citi Australia drops platform customisations
Technology chief shifts focus from building to leveraging systems.
VicRoads restructures IT team
VicRoads restructures IT team
Department moves to align with industry benchmarks.
Zurich Australia extends IT team offshore
Zurich Australia extends IT team offshore
Malaysian staff served from Australian data centres.
Leigh Berrell - Utilities CIO of the Year
Leigh Berrell - Utilities CIO of the Year
Yarra Valley Water CIO Leigh Berrell accepts his Benchmark Award for Utilities CIO of the Year.
Wayne McMahon - Retail CIO of the Year
Wayne McMahon - Retail CIO of the Year
Domino's Pizza CIO Wayne McMahon accepts his Benchmark Award for Retail CIO of the Year.
Inside Perpetual's ongoing IT transformation
Inside Perpetual's ongoing IT transformation
CIO Jenny Levy discusses how outsourcing will help the firm "simplify, refocus and grow".
Managing Complexity - Defence's Daniel McCabe
Managing Complexity - Defence's Daniel McCabe
Daniel McCabe, Assistant Secretary of Australia's Department of Defence, provides the audience at the iTnews Data Centre Strategy Summit with a deep dive into the organisation's data centre consolidation program.
How Facebook designed the data centre from scratch - Marco Magarelli
How Facebook designed the data centre from scratch - Marco Magarelli
The full keynote by Facebook data centre architect Marco Magarelli at the Australian Data Centre Strategy Summit. Magarelli details the design considerations behind the social network's Prineville, Oregon; North Carolina and Luleå, Sweden data centres.
Modernising Legacy Data Centres - Telstra's Jon Curry
Modernising Legacy Data Centres - Telstra's Jon Curry
Telstra general manager of managed data centres Jon Curry guides the audience at the iTnews Australian Data Centre Summit through the build of the telco's Clayton, Victoria data centre.
NSW Government launches NABERS data centre rating tools
NSW Government launches NABERS data centre rating tools
Matthew Clark from the NSW Department of Environment guides facilties managers through the details of the new NABERS data centre energy rating tool at the Australian Data Centre Strategy Summit.
NABERS launch panel: Australian Data Centre Strategy Summit
NABERS launch panel: Australian Data Centre Strategy Summit
Matthew Clark (NSW Dept of Environment), Greg Boorer (Canberra Data Centres), Glenn Allan (National Australia Bank), Mike Andrea (Strategic Directions) and Bob Sharon (Green Global Consulting) discuss the impact of the NABERS data centre rating.
Judges notes: Fortescue Metals [The Benchmark Awards]
Judges notes: Fortescue Metals [The Benchmark Awards]
iTnews' panel of judges discuss Fortescue Metals 'New World of Work" project, one of three shortlisted finalists for the Industrials category of the CIO Benchmark Awards.
Judges notes: Retail [The Benchmark Awards]
Judges notes: Retail [The Benchmark Awards]
iTnews' panel of judges discuss the shortlisted finalists for the Retail category of the CIO Benchmark Awards.
Judges notes: Pacific Aluminium [The Benchmark Awards]
Judges notes: Pacific Aluminium [The Benchmark Awards]
iTnews' panel of judges discuss Pacific Aluminium's lightning fast service desk refresh, one of three shortlisted finalists for the Industrials category of the CIO Benchmark Awards.
Judges notes: Domino's Pizza [The Benchmark Awards]
Judges notes: Domino's Pizza [The Benchmark Awards]
iTnews' panel of judges discuss Domino's Pizza's shift to hosted services, one of three shortlisted finalists for the Retail category of the CIO Benchmark Awards.
Judges notes: McDonald's Australia [The Benchmark Awards]
Judges notes: McDonald's Australia [The Benchmark Awards]
iTnews' panel of judges discuss McDonald's Australia's new self-service portal for employees, one of three shortlisted finalists for the Retail category of the CIO Benchmark Awards.
Judges notes: ING Direct [The Benchmark Awards]
Judges notes: ING Direct [The Benchmark Awards]
iTnews' panel of judges discuss ING Direct's 'Bank in a Box', one of three shortlisted finalists for the banking and finance category of the CIO Benchmark Awards.
Judges notes: Yarra Valley Water [The Benchmark Awards]
Judges notes: Yarra Valley Water [The Benchmark Awards]
iTnews' panel of judges discuss Yarra Valley Water's insourcing project, one of three shortlisted finalists for the Utilities category of the CIO Benchmark Awards.
Latest Comments
Powered by Disqus
Polls
Do you prefer the Coalition's NBN policy?
   |   View results
Yes
  19%
 
No
  81%
TOTAL VOTES: 1729

Vote
view previous polls »