In the last post, we discussed a number of valuable Google account artifacts that are not necessarily captured in a Google Takeout. One of the these, the Google Activity Log, is a unified timeline containing cards for various Google services associated with the account. Chief among these artifacts were Chrome internet history, Android application usage, and audio recordings of the user interacting with Google Assistant or Google Home products. While this information can be queried and filtered online with access to the account, what can we do to collect this information offline to review at a later date? Here’s one solution.
It is no secret that many tech companies, including Google, collect an inordinate amount of data about their users. It make sense, knowing it’s userbase is Google’s core business and allows them to more effectively serve customers and enhance their service offerings. Where then is all of that information and how, as investigators, can we access it? When it comes to preserving Google accounts, most begin and end their investigation with Google’s Takeout feature. While Takeout is indeed a great and useful tool, it isn’t the only option we have when it comes to collecting data associated with Google accounts.
In the previous post (accessible here), we introduced Box, the various applications we can use with it, and browsing artifacts generated by it. In this post, we will introduce Box Edit and Box Sync which can be used to interact with Box locally on Windows. Let’s jump right in with Box Edit.
Cloud storage, like email before it, has gained wide acceptance and general adoption by consumers. Whether that is Google Drive, Amazon Drive, iCloud, Dropbox, or OneDrive, there are abundant options from which to choose from. One reason these services have become popular is the ease at which you can share and access important files on any device. That same benefit, however, can be used with malicious intent to extradite data from corporate or protected environments. In this post, we will explore the Box cloud service on Windows and discuss artifacts created as a by-product of its usage.