Dropbox forensics and security
Posted on 2014-12-02
I am looking for some information on how a Dropbox Business scenario like the one below can be investigated if you suspect there was a data breach and need to investigate it.
Here is the situation:
In a company, the company directory is getting backed up, but the drives on the employee's PC are not getting backed up. The employee has a personal Dropbox on his employee PC and saved files from the company directory to the personal Dropbox. If the employee gets kicked out and can’t delete the Dropbox on the PC, but instead delinked online the Dropbox on the employee's PC from his personal Dropbox,
1) Can the company see if the files from the directory were saved on the Dropbox or just on the employee's PC drive?
2) Can the company see which files were saved on the PC or on the Dropbox (specific files, or just whether it was a PDF or an Excel file)?
3) Is it possible that the files did not get deleted from the employee's PC and the company can see which files were on the personal Dropbox?
4) Last point is that the company did actually see how many files were uploaded to the Dropbox.
5) Does Dropbox record when you delete files? I mean, is it possible to see later when files were deleted?
Can anyone speak to some of these points, as to whether it is possible to find these records and how you would do it?