Cloud-based Forensic Artifacts: SpiderOak

Author Name
Frank McClain

Artifact Name
Client Application Artifacts

Artifact/Program Version
SpiderOak 4.4

Cloud-based backup, synchronization, and sharing platform. You can set up and schedule backups of different directories or file types, synchronize files to designated computers, and share with others. Runs on Windows, Mac, Linux, iOS, Android, and Maemo (N900).

This is a sample of artifacts from the installation and use of SpiderOak 4.4 on a system. It is not exhaustive; it is intended as an example of the types of evidence and data that can be found.

Registry Keys
\Software\COMODO\Firewall Pro\Configurations\0\firewall\Policy\34

File Locations
Application Data Files: AppData\Roaming\SpiderOak

Application Executable Files: Program Files (x86)\SpiderOak\ – SpiderOak.exe, windows_dir_watcher.exe

Sync/Backup Files: Any, User-Defined, File Type

Files of Interest

1336254748.22.port, config.dat, config.txt, device_1a.dat, device_2a.dat, dirhash.db, downloads.db, exclude.txt, fs_queue.db, local.dat, oak_20120505145242.log, oak_20120505165227.log, prefs.dat, snapshot.db, Spider_20120505145242.log, Spider_20120505165227.log, Test-skipfilter.db, test.db, test.log, tss_external_orphans_fixed_pandora_sqliite_database, tss_external_orphans_fixed_snapshot.db

Research Links

Forensic Programs of Use
ProcessHacker
CurrPorts
Wireshark
FileInfo
RegShot
Registry Decoder
NetWitness Investigator
Notepad++
SQLiteDBBrowser
HxD
HEX Editor
Encoder
DCode
DbVisualizer
TrID
File

