Hello! I am a final year student looking to do my dissertation in cloud storage forensic and wondering whether Autopsy is capable of finding artefacts for cloud storage? Could you let me know if Autopsy is something i could use ?
At this point, the only thing that Autopsy will do out of the box is identify cloud storage applications based on executable programs that may be on the system you are examining.
Here is the list of applications it will look for autopsy/Cloud Storage.xml at develop · sleuthkit/autopsy · GitHub I also believe there is a 3rd party python module that mey look at Google drive stuff. Other than that you are welcome to develop a 3rd party module to do what you want.
@jamieslack, elaborating on what @Mark_McKinnon said (thanks, Mark!), the capability Mark is describing appears in the GUI as follows:
