

ARTIFACTS OF GOOGLE DRIVE USAGE IN WINDOWS

Google Drive is an online file storage and sharing service from Google that supports sharing of different types of files such as pictures, videos, documents, spreadsheets, presentations, etc. The service supports various devices, including desktops, mobiles, etc., through different modes such as desktop client, web portal, mobile applications, etc. The users can also invite others to view, download, and collaborate on the files. The storage works in collaboration with Google Docs, Sheets, and Slides, an office suite that allows users to edit documents, spreadsheets, presentations, and so on, online. Google Drive's native app name is Backup and Sync from Google.

After installing the application, the following entries will be created on the root drive.

Directories created when Google Drive is installed
In this folder you will find the executable file of the application
Here you will find information about the updates of the application
This is the default folder used for synchronizing the user’s files with the Google Drive cloud service
Here you will find all the native app’s files that store information about the app and the user’s data

The installation of Google Drive creates various keys and values inside the Registry. View the registry hives listed below in the forensic image of the suspect's hard disk.

SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
From the Registry we can obtain the installed version and the user folder.

NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Run\GoogleDriveSync
Let’s check the Registry to see if the sync process starts automatically with the user’s login. The right key to view here is NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Run

The version and installation of Google Drive in the Windows Registry can be found at NTUSER.DAT\Software\Google\Drive.

We can also determine the installation of Google Drive on the hard disk of the suspect by viewing the details of the following event log.

\Windows\System32\winevt\Logs\Application.evtx
Among others: “Backup and Sync From Google.907110330Google,Inc.(NULL)”

To determine the execution of the Google Drive application by the suspect, there is a plethora of artifacts to look out for. Windows stores Prefetch files at \Windows\Prefetch. Prefetch files are all named using common naming criteria.
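The registry and Prefetch checks described on this page can be combined into one triage pass. The following is an added example, not code from the original article. It assumes the NTUSER.DAT keys have been exported to regedit-style text and that Prefetch names follow the EXENAME-XXXXXXXX.pf pattern; the sample export, the file names and the GOOGLEDRIVESYNC executable hint are constructed for illustration.

```python
import re

# Key paths as the page gives them, relative to the NTUSER.DAT hive root.
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
DRIVE_KEY = r"Software\Google\Drive"
# Assumption: Prefetch names look like EXENAME-XXXXXXXX.pf (8 hex digits).
PF_NAME = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-F]{8})\.pf$", re.I)
REG_VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg_export(text):
    """Parse regedit-style export text into {key_path_lower: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Drop the root name (e.g. HKEY_CURRENT_USER); key names are case-insensitive.
            path = line[1:-1].partition("\\")[2].lower()
            current = keys.setdefault(path, {})
        elif current is not None and (m := REG_VALUE.match(line)):
            # Exports escape backslashes and quotes inside string data; undo that.
            current[m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def triage(reg_text, prefetch_names, exe_hint="GOOGLEDRIVESYNC"):
    """Report install key presence, the autostart command, and matching Prefetch files."""
    keys = parse_reg_export(reg_text)
    drive = DRIVE_KEY.lower()
    hits = [PF_NAME.match(name) for name in prefetch_names]
    return {
        "installed": any(k == drive or k.startswith(drive + "\\") for k in keys),
        "autostart": keys.get(RUN_KEY.lower(), {}).get("GoogleDriveSync"),
        "prefetch": sorted(m.group(0) for m in hits
                           if m and exe_hint in m.group("exe").upper()),
    }

# Constructed sample input (not taken from a real image).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Google\Drive]
"ExampleValue"="constructed"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="\"C:\\Program Files\\Google\\Drive\\googledrivesync.exe\" /autostart"
"OtherApp"="C:\\Tools\\other.exe"
'''
SAMPLE_PREFETCH = ["GOOGLEDRIVESYNC.EXE-1A2B3C4D.pf", "NOTEPAD.EXE-0F0F0F0F.pf", "readme.txt"]

if __name__ == "__main__":
    print(triage(SAMPLE_REG, SAMPLE_PREFETCH))
```

A missing Run value with the install key present suggests the client was installed but not set to start at login, which is worth noting alongside the Prefetch result.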
