It is no secret that many tech companies, including Google, collect an inordinate amount of data about their users. It make sense, knowing it’s userbase is Google’s core business and allows them to more effectively serve customers and enhance their service offerings. Where then is all of that information and how, as investigators, can we access it? When it comes to preserving Google accounts, most begin and end their investigation with Google’s Takeout feature. While Takeout is indeed a great and useful tool, it isn’t the only option we have when it comes to collecting data associated with Google accounts.
In the previous post (accessible here), we introduced Box, the various applications we can use with it, and browsing artifacts generated by it. In this post, we will introduce Box Edit and Box Sync which can be used to interact with Box locally on Windows. Let’s jump right in with Box Edit.
Cloud storage, like email before it, has gained wide acceptance and general adoption by consumers. Whether that is Google Drive, Amazon Drive, iCloud, Dropbox, or OneDrive, there are abundant options from which to choose from. One reason these services have become popular is the ease at which you can share and access important files on any device. That same benefit, however, can be used with malicious intent to extradite data from corporate or protected environments. In this post, we will explore the Box cloud service on Windows and discuss artifacts created as a by-product of its usage.