Forensic Friday – Microsoft 365 and OneDrive Forensic Update
Microsoft 365 and OneDrive Forensic Update
Traditional forensic examinations are focused on the artifacts only located on host systems (host-based forensics) however many of these items may be replicated across different devices if the custodian is using a cloud-based solution to store their data. Many existing digital forensic tools are challenged by the artifacts they discover in these areas and how to read the story these offline files tell. This session will introduce the audience to the challenges faced with identifying remote data and examine artifacts located on the host system when Microsoft 365 is used to access these objects. We will also dive into OneDrive cloud storage options and how to examine locally stored items and the extraction of data in synchronization logs.