If you think the files you delete from your mobile device and file-sharing service are really gone for good, think again: Researchers from the University of Glasgow have discovered that they could fully recover images, audio files, PDFs, and Word documents deleted from Dropbox, Box, and SugarSync, using both an HTC Android smartphone and an iPhone.
The revelation, outlined in a report titled “Using Smartphones as a Proxy for Forensic Evidence contained in Cloud Storage” [PDF] represents an excellent example as to why companies need to approach both BYOD and cloud adoption with care: In and of themselves, neither end-user mobile devices nor mainstream, consumer-focused file-sharing services are equipped with enterprise-level security, yet employees of all stripes are increasingly using both for work as well as pleasure. Together, they can create perfect storm for data insecurity, as these research results demonstrate.
For the test, researchers George Grispos, Brad Glisson, and Tim Storer created 20 different files of varying types: MP3, MP4,JPG, DOCX, and PDF. They uploaded the files to those services from a Windows 7 PC, then synced up the files with their test devices. From there, they accessed and manipulated the files in various ways, ranging from viewing or playing the files in online mode once to saving them for offline access. They then processed the devices with Universal Forensic Extraction Device (UFED), after which they used forensic tools to extract the files and artifacts from the resulting memory dumps.