Child Item

How to read .dropbox.device file?

From discussions here I see that the `.dropbox.device` is used to remember the settings for a particular drive.

I am performing forensics on a recovered USB drive. It has a `.dropbox.device` file on it now. This is obviously evidence that the USB drive was plugged in to a computer running DropBox.

The question is what can I learn from reading this file? It's in an unknown binary format so I need some sort of tool to read it. Is there a developer tool like this that I can get access to?

Things I would want to learn:

Were files from the USB uploaded?
What DropBox user account accessed this device?

This sort of information would help me to determine if someone has compromised information from this device and who!

Find more posts tagged with

Developer

Accepted answers

Jay

Hi @Dirty_White_Hat, currently there isn't any method to format the .dropbox.device file in a readable format for security and privacy purposes.

If you wish, you can suggest this change for others to vote on, so the dev team can look into this in future.

All comments

Mark

There is no tool to access this I'm afraid its an encrypted part of the Dropbox system and that is it.

Dirty_White_Hat

Oof, well someone on the developer team has the ability to read it. It sounds like you're saying it's not going to be released to the public.

Jay

Hi @Dirty_White_Hat, currently there isn't any method to format the .dropbox.device file in a readable format for security and privacy purposes.

If you wish, you can suggest this change for others to vote on, so the dev team can look into this in future.

Dirty_White_Hat

Thanks @Jay

I have made my suggestion here: https://www.dropboxforum.com/t5/Dropbox-ideas/Release-a-tool-to-analyze-dropbox-device-files/idi-p/610712#M75142