New artifacts added

Author: tonmoy0010

artifacts/browser/tor.yml

@@ -0,0 +1,101 @@
+title: "Tor Browser Privacy Configuration"
+category: "browser"
+description: "Tor Browser settings, anonymity preferences, and privacy-focused browsing configuration"
+
+paths:
+  - "HKCU\\Software\\Mozilla\\Firefox\\Profiles\\*\\Tor Browser"
+  - "HKLM\\SOFTWARE\\Mozilla\\Firefox\\Tor Browser"
+  - "HKCU\\Software\\Classes\\TorBrowser"
+  - "HKLM\\SOFTWARE\\Classes\\TorBrowser"
+
+details:
+  what: |
+    Tor Browser manages privacy-focused web browsing including anonymity settings,
+    proxy configurations, security levels, and anti-tracking preferences. Registry
+    stores installation data, security configurations, bridge settings, and privacy
+    preferences for comprehensive anonymous browsing analysis and privacy-conscious
+    internet usage behavior tracking in sensitive or security-focused environments.
+
+  forensic_value: |
+    Critical for investigating privacy-conscious behavior, potential anonymous
+    communications, dark web access, and security-aware browsing patterns. Shows
+    evidence of anonymity-seeking behavior, privacy tool usage, potential illicit
+    activities, and can indicate attempts to evade monitoring, access restricted
+    content, or maintain operational security in sensitive investigations.
+
+  structure: |
+    Tor Browser configuration includes proxy settings, security level preferences,
+    bridge configurations, and anonymity options. Privacy settings track JavaScript
+    restrictions, plugin blocking, and anti-fingerprinting measures for comprehensive
+    privacy-focused browsing behavior analysis and security-conscious user profiling.
+
+  examples:
+    - "InstallPath: C:\\Users\\user\\Desktop\\Tor Browser"
+    - "SecurityLevel: Safest (Highest security configuration)"
+    - "BridgeSettings: obfs4 (Pluggable transport bridges)"
+    - "NoScript: 1 (JavaScript blocking enabled)"
+    - "Letterboxing: 1 (Anti-fingerprinting protection)"
+    - "ProxyType: SOCKS5 (Tor proxy configuration)"
+    - "ExitCountry: {us} (Preferred exit node country)"
+
+  tools:
+    - name: "Tor Browser"
+      description: "Privacy-focused web browser for anonymous browsing"
+    - name: "Tor Network Status"
+      description: "Tools for monitoring Tor network connectivity and status"
+    - name: "Registry Explorer"
+      url: "https://ericzimmerman.github.io/#!index.md"
+      description: "Advanced registry analysis and browsing tool"
+
+metadata:
+  windows_versions:
+    - "Windows XP"
+    - "Windows Vista"
+    - "Windows 7"
+    - "Windows 8"
+    - "Windows 8.1"
+    - "Windows 10"
+    - "Windows 11"
+
+  introduced: "Tor Browser"
+  
+  criticality: "high"
+
+  investigation_types:
+    - "behavioral-analysis"
+    - "incident-response"
+    - "malware-analysis"
+
+  tags:
+    - "tor"
+    - "privacy"
+    - "anonymity"
+    - "dark-web"
+    - "security"
+    - "anti-surveillance"
+    - "onion-routing"
+
+  references:
+    - title: "Tor Project"
+      url: "https://www.torproject.org/"
+      type: "official"
+
+  retention:
+    default_location: "Registry hive files (SOFTWARE, NTUSER.DAT)"
+    persistence: "Privacy settings persist until manual reconfiguration"
+    volatility: "Anonymity tool usage provides evidence of privacy-conscious behavior"
+
+  related_artifacts:
+    - "privacy_tools"
+    - "browser_security"
+    - "anonymity_software"
+
+author:
+  name: "Tonmoy Jitu"
+  github: "tonmoy0010"
+  x: "tonmoy0010"
+
+contribution:
+  date_added: "2025-06-08"
+  last_updated: "2025-06-08"
+  version: "1.0"

artifacts/cloud/box_sync.yml

@@ -0,0 +1,98 @@
+title: "Box Sync and Drive Client"
+category: "cloud"
+description: "Box Sync and Box Drive configuration, enterprise integration, and file synchronization"
+
+paths:
+  - "HKCU\\Software\\Box\\Box"
+  - "HKLM\\SOFTWARE\\Box\\Box Edit"
+  - "HKLM\\SOFTWARE\\Box\\Box Sync"
+  - "HKCU\\Software\\Box\\Box Drive"
+
+details:
+  what: |
+    Box Sync and Box Drive manage enterprise cloud storage synchronization including
+    folder mapping, authentication with Box enterprise accounts, collaboration settings,
+    and security policies. Registry tracks installation configurations, user credentials,
+    folder sync preferences, and Box Edit integration for comprehensive enterprise
+    content management and secure file sharing in business environments.
+
+  forensic_value: |
+    Critical for investigating enterprise data exfiltration, unauthorized access to
+    Box repositories, and violation of corporate data governance policies. Shows evidence
+    of Box usage in enterprise environments, shared folder access, collaboration
+    activities, and potential data leakage through Box platform. Essential for analyzing
+    insider threats and unauthorized data sharing in corporate settings.
+
+  structure: |
+    Box configuration includes enterprise account identifiers, sync folder locations,
+    collaboration permissions, security settings, and Box Edit integration preferences.
+    Enterprise policies control access restrictions, sharing permissions, and data
+    governance compliance for comprehensive Box platform security management.
+
+  examples:
+    - "BoxSyncPath: C:\\Users\\user\\Box Sync"
+    - "BoxDrivePath: B:\\ (Box Drive mount point)"
+    - "EnterpriseID: company.app.box.com (Enterprise Box instance)"
+    - "UserEmail: [email protected] (Box enterprise account)"
+    - "CollaborationEnabled: 1 (File collaboration allowed)"
+    - "BoxEditEnabled: 1 (Box Edit integration active)"
+    - "OfflineAccess: 0 (Offline file access disabled)"
+
+  tools:
+    - name: "Box Sync/Drive Settings"
+      description: "Built-in Box application configuration interface"
+    - name: "Box Admin Console"
+      description: "Enterprise Box administration and audit capabilities"
+    - name: "Registry Explorer"
+      url: "https://ericzimmerman.github.io/#!index.md"
+      description: "Advanced registry analysis and browsing tool"
+
+metadata:
+  windows_versions:
+    - "Windows 7"
+    - "Windows 8"
+    - "Windows 8.1"
+    - "Windows 10"
+    - "Windows 11"
+
+  introduced: "Box Sync Client"
+  
+  criticality: "medium"
+
+  investigation_types:
+    - "data-exfiltration"
+    - "insider-threat"
+    - "behavioral-analysis"
+
+  tags:
+    - "box"
+    - "enterprise-storage"
+    - "collaboration"
+    - "file-sharing"
+    - "box-drive"
+    - "data-governance"
+
+  references:
+    - title: "Box Drive Documentation"
+      url: "https://support.box.com/hc/en-us/sections/360007415174-Box-Drive"
+      type: "official"
+
+  retention:
+    default_location: "Registry hive files (SOFTWARE, NTUSER.DAT)"
+    persistence: "Enterprise configurations persist per corporate policies"
+    volatility: "Collaboration activity provides enterprise data sharing intelligence"
+
+  related_artifacts:
+    - "enterprise_storage"
+    - "file_collaboration"
+    - "data_governance"
+
+author:
+  name: "Tonmoy Jitu"
+  github: "tonmoy0010"
+  x: "tonmoy0010"
+
+contribution:
+  date_added: "2025-06-08"
+  last_updated: "2025-06-08"
+  version: "1.0"

artifacts/cloud/dropbox_desktop.yml

@@ -0,0 +1,98 @@
+title: "Dropbox Desktop Client"
+category: "cloud"
+description: "Dropbox desktop application configuration, sync settings, and account management"
+
+paths:
+  - "HKCU\\Software\\Dropbox"
+  - "HKLM\\SOFTWARE\\Dropbox"
+  - "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Dropbox"
+  - "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Dropbox"
+
+details:
+  what: |
+    Dropbox Desktop Client manages file synchronization configuration including sync folder
+    locations, account authentication, selective sync preferences, bandwidth controls,
+    and LAN sync settings. Registry stores installation paths, user credentials, team
+    folder configurations, and Smart Sync behavior for comprehensive cloud storage
+    management and collaborative file sharing across multiple devices and platforms.
+
+  forensic_value: |
+    Essential for investigating data exfiltration through Dropbox, unauthorized file
+    sharing with external parties, and intellectual property theft. Shows evidence of
+    Dropbox usage patterns, shared folder access, team memberships, and potential data
+    leakage vectors. Can reveal deliberate data theft through personal Dropbox accounts
+    or unauthorized sharing of sensitive corporate information.
+
+  structure: |
+    Dropbox configuration includes account identifiers, sync folder paths, selective
+    sync exclusions, bandwidth settings, LAN sync preferences, and Smart Sync policies.
+    Team configuration shows business account integration, shared folder access, and
+    administrative controls for enterprise Dropbox management.
+
+  examples:
+    - "DropboxPath: C:\\Users\\user\\Dropbox"
+    - "AccountEmail: [email protected] (Business Dropbox account)"
+    - "AccountEmail: [email protected] (Personal Dropbox account)"
+    - "SelectiveSync: {Private, Confidential} (Excluded folders)"
+    - "LanSync: 1 (Local network synchronization enabled)"
+    - "SmartSync: 1 (Online-only files enabled)"
+    - "BandwidthLimit: 100 (Upload limit in KB/s)"
+
+  tools:
+    - name: "Dropbox Desktop Preferences"
+      description: "Built-in Dropbox configuration and account management"
+    - name: "Registry Explorer"
+      url: "https://ericzimmerman.github.io/#!index.md"
+      description: "Advanced registry analysis and browsing tool"
+    - name: "Dropbox Business Admin Console"
+      description: "Enterprise Dropbox monitoring and audit tools"
+
+metadata:
+  windows_versions:
+    - "Windows 7"
+    - "Windows 8"
+    - "Windows 8.1"
+    - "Windows 10"
+    - "Windows 11"
+
+  introduced: "Dropbox Desktop Client"
+  
+  criticality: "medium"
+
+  investigation_types:
+    - "data-exfiltration"
+    - "insider-threat"
+    - "behavioral-analysis"
+
+  tags:
+    - "dropbox"
+    - "cloud-storage"
+    - "file-sharing"
+    - "team-folders"
+    - "smart-sync"
+    - "data-exfiltration"
+
+  references:
+    - title: "Dropbox Desktop App"
+      url: "https://help.dropbox.com/desktop/get-started"
+      type: "official"
+
+  retention:
+    default_location: "Registry hive files (SOFTWARE, NTUSER.DAT)"
+    persistence: "Sync settings persist until manually changed or app removal"
+    volatility: "Real-time sync activity provides data movement evidence"
+
+  related_artifacts:
+    - "file_access_history"
+    - "browser_downloads"
+    - "recent_documents"
+
+author:
+  name: "Tonmoy Jitu"
+  github: "tonmoy0010"
+  x: "tonmoy0010"
+
+contribution:
+  date_added: "2025-06-08"
+  last_updated: "2025-06-08"
+  version: "1.0"

artifacts/cloud/google_drive_desktop.yml

@@ -0,0 +1,99 @@
+title: "Google Drive Desktop Client"
+category: "cloud"
+description: "Google Drive for Desktop configuration, sync settings, and account information"
+
+paths:
+  - "HKCU\\Software\\Google\\Drive"
+  - "HKCU\\Software\\Google\\DriveFS"
+  - "HKLM\\SOFTWARE\\Google\\Drive"
+  - "HKLM\\SOFTWARE\\Google\\Update\\Clients\\{E5972223-1C8E-4C23-8010-F2B6F9F24818}"
+
+details:
+  what: |
+    Google Drive Desktop Client stores synchronization configuration including sync folder
+    locations, account authentication data, selective sync preferences, bandwidth settings,
+    and file stream configurations. Registry tracks installation paths, user accounts,
+    Google Workspace integration, backup settings, and Drive File Stream behavior for
+    comprehensive cloud storage management and file synchronization across devices.
+
+  forensic_value: |
+    Critical for investigating data exfiltration through Google Drive, unauthorized file
+    sharing to personal accounts, and intellectual property theft. Shows evidence of
+    Google Drive usage patterns, synced folder locations, account associations, and
+    potential data leakage vectors. Can reveal deliberate or accidental exposure of
+    sensitive corporate data through personal Google accounts and unauthorized synchronization.
+
+  structure: |
+    Google Drive configuration includes account identifiers, sync root paths, selective
+    sync folder lists, bandwidth throttling settings, and Drive File Stream mounting
+    options. Installation data provides version information, update preferences, and
+    integration settings for comprehensive Google Drive behavior analysis.
+
+  examples:
+    - "SyncRootPath: C:\\Users\\user\\Google Drive"
+    - "Account: [email protected] (Google Workspace account)"
+    - "Account: [email protected] (Personal Google account)"
+    - "DriveFS MountPoint: G:\\ (Drive File Stream mount)"
+    - "SelectiveSync: {folder1, folder2} (Only specific folders synchronized)"
+    - "BandwidthRx: 1024 (Download bandwidth limit in KB/s)"
+    - "BandwidthTx: 512 (Upload bandwidth limit in KB/s)"
+
+  tools:
+    - name: "Google Drive Desktop Settings"
+      description: "Built-in Google Drive configuration interface"
+    - name: "Registry Explorer"
+      url: "https://ericzimmerman.github.io/#!index.md"
+      description: "Advanced registry analysis and browsing tool"
+    - name: "Google Takeout"
+      url: "https://takeout.google.com"
+      description: "Google data export tool for comprehensive analysis"
+
+metadata:
+  windows_versions:
+    - "Windows 7"
+    - "Windows 8"
+    - "Windows 8.1"
+    - "Windows 10"
+    - "Windows 11"
+
+  introduced: "Google Drive Desktop (2021)"
+  
+  criticality: "medium"
+
+  investigation_types:
+    - "data-exfiltration"
+    - "insider-threat"
+    - "behavioral-analysis"
+
+  tags:
+    - "google-drive"
+    - "cloud-storage"
+    - "data-sync"
+    - "file-sharing"
+    - "google-workspace"
+    - "data-exfiltration"
+
+  references:
+    - title: "Google Drive Desktop Documentation"
+      url: "https://support.google.com/drive/answer/7329379"
+      type: "official"
+
+  retention:
+    default_location: "Registry hive files (SOFTWARE, NTUSER.DAT)"
+    persistence: "Configuration persists until application removal or account changes"
+    volatility: "Sync activity provides ongoing data movement intelligence"
+
+  related_artifacts:
+    - "browser_downloads"
+    - "recent_documents"
+    - "file_access_history"
+
+author:
+  name: "Tonmoy Jitu"
+  github: "tonmoy0010"
+  x: "tonmoy0010"
+
+contribution:
+  date_added: "2025-06-08"
+  last_updated: "2025-06-08"
+  version: "1.0"