Cloud computing technology is rapidly growing globally and many businesses are starting to adopt cloud computing to leverage the computing power and cost of operation. Therefore, cloud-based storage services are gaining popularity among organizations and people since they provide simplicity in storing and transferring data across several geographical locations at a low cost. However, with the difficulties in retrieving artifacts of evidential and economic value from cloud providers, cloud storage has become a target for cybercriminals for exploitation. As a result, artifacts from the client's computer might offer valuable evidence on which to build a case. This study looked into the artifacts left by Evernote, a widely known cloud storage service, on Windows 10. The study used dead and live forensics to identify Evernote artifacts on Windows 10 for several situations such as Evernote install, file upload, file delete, and uninstall. Investigating these leftovers provides digital forensics investigators with a comprehensive grasp of the traces that are likely to persist and their evidential and business value. The Evernote installer files, link files, browser, registry, prefetch files, and network traffic were identified as possible sources of information throughout the investigation. The traces discovered in the research can help in a criminal probe involving Evernote because they offer valuable information in trying to recreate the crime scene, and establish a chronology of occurrences, as well as knowledge of how to avoid such incidents in the future.

show more