tag:blogger.com,1999:blog-1466903740262764947.post7346910087300793428..comments2023-12-28T03:01:49.774-06:00Comments on Hacking Exposed Computer Forensics Blog: Daily Blog #659: Sunday Funday 4/7/19 - Dropbox Audit Logs Challenge David Cowenhttp://www.blogger.com/profile/17629115910611763170noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-1466903740262764947.post-20438503834645472822019-04-09T20:34:37.814-05:002019-04-09T20:34:37.814-05:00Daily Blog 659 Challenge Question Answer:
Question...Daily Blog 659 Challenge Question Answer:<br />Question: <br />For Dropbox Audit logs what all data can you determine about someone who was logged in?<br />What allows you to unique identify a file?<br />Answer:<br />Dropbox Audit Logs or Activity Logs are a feature of the Dropbox business accounts. The Advanced Team accounts include file level Audit logs as a part of the paid service. These logs are accessible from the Account Console which available the account administrator or administrators. The console provides very detailed information about team member’s usage of the account and nearly all facets of the members’ interactions are recorded and can be reviewed. The following items can be viewed in the Console of an advanced account regarding FILES:<br />Added a file<br />Added a file to their Dropbox<br />Added a file to their Dropbox (non-team member)<br />Added a folder<br />Allowed anyone to view links to files in a shared folder<br />Allowed file request emails for the team<br />Allowed non collaborators to view links to files in a shared folder<br />Allowed only team members to view links to files in a shared folder<br />Changed a file request<br />Closed a file request<br />Copied a file<br />Copied a file to their Dropbox<br />Copied a file to their Dropbox (non-team member)<br />Copied a folder<br />Created a link to a file using an app<br />Created a new file request<br />Deleted a file<br />Deleted a file comment<br />Deleted a folder<br />Disabled file requests<br />Downloaded a file (non-team member)<br />Downloaded files<br />Edited files<br />Enabled file request emails for everyone<br />Enabled file requests<br />Failed to delete some files remotely<br />File added to a showcase<br />File downloaded (non-team member) from a showcase<br />File downloaded (team member) from a showcase<br />File in showcase viewed by non-team member<br />File in showcase viewed by team member<br />File removed from a showcase<br />Liked a file comment<br />Made a file viewable only to members of the file<br />Made a file viewable only to team members with the link<br />Made a file viewable to anyone with the link<br />Moved a file<br />Moved a folder<br />Multiple files downloaded (non-team member) from a showcase<br />Multiple files downloaded (team member) from a showcase<br />Opened a file (non-team member)<br />Prevented non-team members from viewing links to files in a shared folder<br />Previewed files<br />Received files via file request<br />Received files via file request<br />Renamed a file<br />Renamed a folder<br />Requested access to a file (non-team member)<br />Resolved a file comment<br />Restored a file<br />Restored a folder<br />Restored a resolved file comment<br />Reverted files to a previous version<br />Rolled back file changes<br />Subscribed to file comment notifications<br />Successfully deleted some files remotely<br />Unliked a file comment<br />Unsubscribed from file comment notifications<br /><br />Additionally, the audit logs maintain information about the users themselves. An administrator can see the following regarding member uses:<br />The date and time of the event<br />The member who initiated the event<br />The details of the event<br />The location in the form of an IP address of the team member<br />The logs detail who are the active team members of the last 28 days, the number of shared folders over the last 28 days, how much storage space is used, the number of links created, and a log of what devices are accessing the account over the previous 28 days. From the console you can also monitor password changes, sign ins, connected apps, changes in sharing, changes in groups, and changes in membership. <br /><br />The files specific path and file name along with the connected user interactions would allow an administrator to identify a file in the log data.<br /><br />The information for this initial and feeble attempt at an answer was gathered from poking around the internet and reading Dropbox.com helps files, Dropboxforum posts and two blogs written by “Kevin” on metadatum.wordpress.com (who actual cites the author of this challenge in his 2013 post about Dropbox forensics.) <br />Michaelhttps://www.blogger.com/profile/16772686342450415351noreply@blogger.com