This repository is a PoC for using the Google Drive API through Python to retrieve metadata about files and file changes in Google Drive, as a study project in Introduction to Digital Forensics.
The scope was limited to identifying changes in checksums (what happens when changes are made and then reverted; a really simple test, really). It also looked at whether revisions of files were changed separately, to ensure that the files were "forensically safe".
- Created a Google Cloud project
- A Google account with Google Drive enabled
- Python 3.10.7 or greater
- pip package management tool installed
https://developers.google.com/drive/api/quickstart/python#prerequisites
- Enable the Google Drive API (follow these steps)
- Configure OAuth (follow these steps)
- Authorize credentials for desktop application (follow these steps)
- Download the credentials.json file, and add the file to the json directory
Note: If you have a token.json from before, and it has been a while since the last login, this file must be removed so that a new one is generated.
- Run the following command to install required Python libraries:
pip3 install -r requirements.txt
- Copy the example environment file to .env and change parameters (if you want to use other directories than default)
- Log in to the given Google Drive account in the preferred web browser.
- Run the following command in a terminal (tested with Bash and Linux):
python3 main.py
- You will be prompted with a message like this in the terminal:
Please visit this URL to authorize this application: https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=<CLIENT_ID>.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A43519%2F&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.metadata.readonly+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.appdata&state=dAnko28YG2JEBFH8zb7SLn7YlJDRwX&access_type=offline
- This will open the browser and you have to grant access to the data by selecting the given scopes, such as:
- See, change or delete files on Google Drive, and create new
- See, add and delete configuration data in your Google Drive account
- See information about your Google Drive files
- A message like this will appear:
The authentication flow has completed. You may close this window.
- The browser window can now be closed, and you should see a fresh token.json file created in the json folder.
- The output will appear in the forensics-output directory as two files such as these:
ls -l forensics-output/
-rw-rw-r-- 1 user user 1234 nov. 18 13:37 20231120133706_file_list.json
-rw-rw-r-- 1 user user 31337 nov. 18 13:37 20231120133707_file_changes.json
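
The checksum test described at the top of this README, as an added example that is not part of this repository's code: it compares two metadata snapshots and separates files whose content changed from files whose checksum is identical but whose revision or timestamp moved (the edit-then-revert case a checksum alone does not show). The field names are Drive API v3 file fields; the snapshot layout, the sample values and the function names are assumptions made for illustration.

```python
# Added example: compare two Drive metadata snapshots by file id.
# Field names (id, name, md5Checksum, headRevisionId, modifiedTime) are Drive
# API v3 file fields; the list-of-dicts layout and all values are constructed
# for illustration and are not this repository's output format.
BEFORE = [
    {"id": "f1", "name": "report.pdf", "md5Checksum": "aa11", "headRevisionId": "r1", "modifiedTime": "2023-11-18T12:00:00Z"},
    {"id": "f2", "name": "notes.txt", "md5Checksum": "bb22", "headRevisionId": "r1", "modifiedTime": "2023-11-18T12:05:00Z"},
    {"id": "f3", "name": "image.png", "md5Checksum": "cc33", "headRevisionId": "r1", "modifiedTime": "2023-11-18T12:10:00Z"},
    {"id": "f4", "name": "minutes (Google Doc)", "modifiedTime": "2023-11-18T12:15:00Z"},
    {"id": "f5", "name": "old.txt", "md5Checksum": "ee55", "headRevisionId": "r1", "modifiedTime": "2023-11-18T12:20:00Z"},
]
AFTER = [
    BEFORE[0],
    {**BEFORE[1], "headRevisionId": "r3", "modifiedTime": "2023-11-18T13:30:00Z"},  # edited, then reverted
    {**BEFORE[2], "md5Checksum": "dd44", "headRevisionId": "r2", "modifiedTime": "2023-11-18T13:31:00Z"},
    {**BEFORE[3], "modifiedTime": "2023-11-18T13:32:00Z"},
    {"id": "f6", "name": "new.txt", "md5Checksum": "ff66", "headRevisionId": "r1", "modifiedTime": "2023-11-18T13:33:00Z"},
]


def classify(old, new):
    """Return a label describing how one file differs between snapshots."""
    if old is None:
        return "added"
    if new is None:
        return "removed"
    touched = any(old.get(k) != new.get(k) for k in ("headRevisionId", "modifiedTime"))
    old_md5, new_md5 = old.get("md5Checksum"), new.get("md5Checksum")
    if old_md5 is None or new_md5 is None:
        # md5Checksum is only populated for files with binary content, so
        # content equality cannot be decided from the checksum here.
        return "no_checksum_touched" if touched else "no_checksum"
    if old_md5 != new_md5:
        return "content_changed"
    # Same bytes, but the revision or timestamp moved: a checksum comparison
    # alone would report this file as untouched.
    return "same_content_touched" if touched else "unchanged"


def diff_snapshots(before, after):
    """Map every file id seen in either snapshot to its classification."""
    old = {f["id"]: f for f in before}
    new = {f["id"]: f for f in after}
    return {fid: classify(old.get(fid), new.get(fid)) for fid in sorted(old.keys() | new.keys())}


if __name__ == "__main__":
    for file_id, label in diff_snapshots(BEFORE, AFTER).items():
        print(file_id, label)
```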