Simple PoC for cloud forensics (study project) using the Google Drive API to retrieve files meta data and file changes, outputting it to JSON.

orjanj/cloud-forensics-google-drive

PoC for cloud forensics

This repository is a PoC for using Google Drive API through Python to retrieve metadata about files and file changes in Google Drive, as a study project in Introduction to Digital Forensics.

The only scope for this was to identify changes in checksums (whether a file was changed and then reverted; a really simple test, really). In addition, the revisions of each file were inspected separately to check whether they had been changed, to ensure that the files were "forensically safe".

Prerequisites (as of 23.11.2023)

  • Created a Google Cloud project
  • A Google account with Google Drive enabled
  • Python 3.10.7 or greater
  • pip package management tool installed
References:

https://developers.google.com/drive/api/quickstart/python#prerequisites

Setting up environment

  1. Enable the Google Drive API (follow these steps)
  2. Configure OAuth (follow these steps)
  3. Authorize credentials for desktop application (follow these steps)
  4. Download the credentials.json file, and add the file to the json directory

Note: If you have a token.json from an earlier run and it has been a while since the last login, this file must be removed so that a new one can be generated.

  5. Run the following command to install the required Python libraries:

     pip3 install -r requirements.txt

  6. Copy the example environment file to .env and change the parameters (if you want to use other directories than the default)

Run the script and fetch the output JSON files

  1. Log in to the given Google Drive account in the preferred web browser.

  2. Run the following command in a terminal (tested with Bash on Linux):

     python3 main.py

  3. You will be prompted with a message like this in the terminal:

     Please visit this URL to authorize this application: https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=<CLIENT_ID>.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A43519%2F&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.metadata.readonly+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.appdata&state=dAnko28YG2JEBFH8zb7SLn7YlJDRwX&access_type=offline

  4. This opens the browser, where you have to grant access to the data by accepting the requested scopes, such as:
     • See, change or delete files on Google Drive, and create new
     • See, add and delete configuration data in your Google Drive account
     • See information about your Google Drive files

  5. A message like this will appear:

     The authentication flow has completed. You may close this window.

  6. The browser window can now be closed, and you should see a fresh token.json file created in the json folder.

  7. The output will appear in the forensics-output directory as files such as these:

     ls -l forensics-output/
     -rw-rw-r-- 1 user user  1234 nov.  18 13:37 20231120133706_file_list.json
     -rw-rw-r-- 1 user user 31337 nov.  18 13:37 20231120133707_file_changes.json
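The checksum comparison described in the scope above, as an added example that is not part of this repository's code: it works offline on constructed sample data shaped like the Drive API v3 `files.list` and `revisions.list` responses (fields `id`, `name`, `md5Checksum`, `modifiedTime`), flags files whose checksum changed and later reverted, checks that the current metadata checksum matches the newest revision, and writes the findings with the same timestamped filename layout as the listing above. The file ids, checksums, the run timestamp and the `revision_findings` filename suffix are all assumptions made for this example.

```python
import json
import os
from datetime import datetime

# Constructed sample data (not real Drive data), shaped like the Drive API v3
# `files.list` and `revisions.list` responses with the fields
# id, name, md5Checksum and modifiedTime requested.
SAMPLE_FILES = [
    {"id": "file-A", "name": "report.docx", "md5Checksum": "aaaa1111"},
    {"id": "file-B", "name": "notes.txt", "md5Checksum": "bbbb2222"},
    {"id": "file-C", "name": "evidence.pdf", "md5Checksum": "cccc3333"},
    {"id": "file-D", "name": "log.csv", "md5Checksum": "dddd4444"},
]

SAMPLE_REVISIONS = {
    # file-A: edited, then reverted to the original content (checksum returns);
    # deliberately listed out of order to show that sorting by modifiedTime matters
    "file-A": [
        {"id": "3", "modifiedTime": "2023-11-18T13:00:00.000Z", "md5Checksum": "aaaa1111"},
        {"id": "1", "modifiedTime": "2023-11-18T12:00:00.000Z", "md5Checksum": "aaaa1111"},
        {"id": "2", "modifiedTime": "2023-11-18T12:30:00.000Z", "md5Checksum": "aaaa9999"},
    ],
    # file-B: edited once, never reverted
    "file-B": [
        {"id": "1", "modifiedTime": "2023-11-18T12:00:00.000Z", "md5Checksum": "bbbb0000"},
        {"id": "2", "modifiedTime": "2023-11-18T12:45:00.000Z", "md5Checksum": "bbbb2222"},
    ],
    # file-C: a single revision, untouched
    "file-C": [
        {"id": "1", "modifiedTime": "2023-11-18T12:00:00.000Z", "md5Checksum": "cccc3333"},
    ],
    # file-D: current metadata checksum does not match the newest revision
    "file-D": [
        {"id": "1", "modifiedTime": "2023-11-18T12:00:00.000Z", "md5Checksum": "dddd0000"},
    ],
}

SAMPLE_TIME = datetime(2023, 11, 20, 13, 37, 6)  # constructed run timestamp


def analyse_revisions(files, revisions_by_file):
    """Return one finding per file, derived from its revision history.

    checksum_changed: more than one distinct md5Checksum across revisions.
    reverted: at some revision the checksum differs from the previous one
              but equals one seen before that, i.e. an edit was undone.
    current_matches_latest: the file's current md5Checksum equals the newest
              revision's checksum (the consistency check used here).
    """
    findings = []
    for f in files:
        # sort by modifiedTime so the result does not depend on API page order
        revs = sorted(revisions_by_file.get(f["id"], []),
                      key=lambda r: r["modifiedTime"])
        sums = [r.get("md5Checksum") for r in revs]
        reverted = any(
            sums[i] != sums[i - 1] and sums[i] in sums[: i - 1]
            for i in range(1, len(sums))
        )
        findings.append({
            "id": f["id"],
            "name": f["name"],
            "revision_count": len(revs),
            "checksum_changed": len(set(sums)) > 1,
            "reverted": reverted,
            "current_matches_latest": bool(sums) and sums[-1] == f.get("md5Checksum"),
        })
    return findings


def output_filename(kind, when):
    """Timestamped name in the layout shown above, e.g. 20231120133706_file_list.json."""
    return f"{when.strftime('%Y%m%d%H%M%S')}_{kind}.json"


def write_report(findings, out_dir, when):
    """Write the findings as indented JSON into out_dir and return the path."""
    os.makedirs(out_dir, exist_ok=True)
    # "revision_findings" is a hypothetical suffix chosen for this example
    path = os.path.join(out_dir, output_filename("revision_findings", when))
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(findings, fh, indent=2)
    return path


if __name__ == "__main__":
    report = analyse_revisions(SAMPLE_FILES, SAMPLE_REVISIONS)
    print(write_report(report, "forensics-output", datetime.now()))
    for row in report:
        print(row)
```

With the sample data, file-A is reported as changed and reverted, file-B as changed only, file-C as untouched, and file-D as a file whose current checksum does not match its newest revision, which is the case worth a closer look when judging whether the copy is forensically sound.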
