Hasty Scripts: Capture Google Activity Log

In the last post, we discussed a number of valuable Google account artifacts that are not necessarily captured in a Google Takeout. One of the these, the Google Activity Log, is a unified timeline containing cards for various Google services associated with the account. Chief among these artifacts were Chrome internet history, Android application usage, and audio recordings of the user interacting with Google Assistant or Google Home products. While this information can be queried and filtered online with access to the account, what can we do to collect this information offline to review at a later date? Here’s one solution.

Continue reading “Hasty Scripts: Capture Google Activity Log”

Hasty Scripts: Capture Google Activity Log

500 Words or Less: Getting more from Google Accounts

It is no secret that many tech companies, including Google, collect an inordinate amount of data about their users. It make sense, knowing it’s userbase is Google’s core business and allows them to more effectively serve customers and enhance their service offerings. Where then is all of that information and how, as investigators, can we access it? When it comes to preserving Google accounts, most begin and end their investigation with Google’s Takeout feature. While Takeout is indeed a great and useful tool, it isn’t the only option we have when it comes to collecting data associated with Google accounts.

Continue reading “500 Words or Less: Getting more from Google Accounts”

500 Words or Less: Getting more from Google Accounts

Cloud Forensics: Box Part 1

Cloud storage, like email before it, has gained wide acceptance and general adoption by consumers. Whether that is Google Drive, Amazon Drive, iCloud, Dropbox, or OneDrive, there are abundant options from which to choose from. One reason these services have become popular is the ease at which you can share and access important files on any device. That same benefit, however, can be used with malicious intent to extradite data from corporate or protected environments. In this post, we will explore the Box cloud service on Windows and discuss artifacts created as a by-product of its usage.

Continue reading “Cloud Forensics: Box Part 1”

Cloud Forensics: Box Part 1