Box Drive is a cloud-based file management app that provides users with direct access to their Box account files from their desktop computers. With Box Drive, users can preview, edit, and collaborate on their cloud-based files in real-time, as if they were stored on their local computers. This tool is equipped with features such as version history and commenting, making it an effective tool for teams collaboration.
The forensic value of Box Drive lies in its centralized storage of documents and electronic communications that can serve as critical evidence. Having the ability to access these files gives investigators a huge advantage in a forensic investigation. In addition, with the help of Box Drive's version history feature, investigators can track changes to files over time, ensuring the accuracy of data.
BoxDrive artifacts are found in the following location:
%systempartititon%\ Users\%username%\ AppData\Local\Box\Box\data
This section will discuss how to use ArtiFast to extract BoxDrive from Windows and what kind of digital forensics insights we can gain from the artifacts.
After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select BoxDrive artifacts.
Once ArtiFast parser plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Window BoxDrive artifacts in ArtiFast.
Box Items Artifact
Box Local Events Artifact
Box Local Items Artifact
Box FS Nodes Artifact
Box Preferences Artifact
Box Logs Artifact
For more information or suggestions please contact: firstname.lastname@example.org