Private Cloud Storage Forensics: Seafile as a Case Study


Cloud storage forensics is an active research area, and this is unsurprising due to the increasing popularity of cloud storage services (e.g., Dropbox, Google Drive, and iCloud). Existing research generally focuses on public cloud forensics (e.g., client device forensics), rather than private cloud forensics (e.g., both client and server forensics). In this paper, we aim to address the gap by proposing a framework for forensics investigations of private cloud storage services. The proposed framework elaborates on procedures and artefact categories integral to the collection, preservation, analysis, and presentation of key evidential data from both client and server environments. Using the proposed framework to guide the investigation of Seafile, a popular open-source private cloud storage service, we demonstrate the types of client and server side artefacts that can be forensically recovered.