cloud-forensics-google-drive

Simple PoC for cloud forensics (study project; IMT4114) using the Google Drive API to retrieve file metadata and file changes, outputting it to JSON.

https://github.com/orjanj/cloud-forensics-google-drive

Science Score: 44.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (13.2%) to scientific vocabulary

Keywords

api cloud forensics gdrive python

Repository


Basic Info
  • Host: GitHub
  • Owner: orjanj
  • Language: Python
  • Default Branch: main
  • Homepage:
  • Size: 20.5 KB
Statistics
  • Stars: 1
  • Watchers: 1
  • Forks: 0
  • Open Issues: 0
  • Releases: 0
Topics
api cloud forensics gdrive python
Created over 2 years ago · Last pushed about 2 years ago
Metadata Files
Readme Citation

README.md

PoC for cloud forensics

This repository is a PoC for using the Google Drive API through Python to retrieve metadata about files and file changes in Google Drive, as a study project in Introduction to Digital Forensics.

The scope was limited to identifying checksum changes (whether a file was changed and then reverted; a very simple test) and to checking whether the revisions of files were changed separately, to ensure that the files were "forensically safe".

Prerequisites (as of 23.11.2023)

  • A Google Cloud project has been created
  • A Google account with Google Drive enabled
  • Python 3.10.7 or greater
  • The pip package management tool installed
References:

https://developers.google.com/drive/api/quickstart/python#prerequisites

Setting up environment

  1. Enable the Google Drive API (follow these steps)
  2. Configure OAuth (follow these steps)
  3. Authorize credentials for desktop application (follow these steps)
  4. Download the credentials.json file, and add the file to the json directory

Note: If you have a token.json from an earlier run and it has been a while since the last login, that file must be removed so that a new one is generated.

  5. Run the following command to install the required Python libraries:

     ```bash
     pip3 install -r requirements.txt
     ```

  6. Copy the example environment file to .env and change the parameters (if you want to use other directories than the default).

Run the script and fetch the output JSON files

  1. Log in to the given Google Drive account in the preferred web browser.

  2. Run the following command in a terminal (tested with Bash on Linux):

     ```bash
     python3 main.py
     ```

  3. You will be prompted with a message like this in the terminal:

     ```
     Please visit this URL to authorize this application: https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=<CLIENT_ID>.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A43519%2F&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.metadata.readonly+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.appdata&state=dAnko28YG2JEBFH8zb7SLn7YlJDRwX&access_type=offline
     ```

  4. This will open the browser, and you have to grant access to the data by selecting the given scopes, such as:

       • See, change or delete files on Google Drive, and create new
       • See, add and delete configuration data in your Google Drive account
       • See information about your Google Drive files

  5. A message like this will appear:

     ```
     The authentication flow has completed. You may close this window.
     ```

  6. The browser window can now be closed, and you should see a fresh token.json file created in the json folder.

  7. The output files will appear in the forensics-output directory, for example:

     ```bash
     ls -l forensics-output/
     -rw-rw-r-- 1 user user  1234 nov. 18 13:37 20231120133706_file_list.json
     -rw-rw-r-- 1 user user 31337 nov. 18 13:37 20231120133707_file_changes.json
     ```
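As an added example (not the repository's own main.py), here is the checksum-change check the README describes, run over constructed sample data shaped like the Drive v3 API's files.list / revisions.list results; the keys id, name, modifiedTime and md5Checksum are the API's field names, while the file names, revision ids and checksum values are made up.

```python
"""Detect checksum changes and reverts across Google Drive file revisions.
Added example, not the repository's main.py. SAMPLE_FILES is constructed to
mirror the shape of Drive v3 files.list / revisions.list results (the keys
id, name, modifiedTime and md5Checksum are the API's own field names)."""
import json

# Constructed sample: file-A was modified and then reverted; file-B untouched.
SAMPLE_FILES = [
    {"id": "file-A", "name": "evidence.docx", "revisions": [
        {"id": "1", "modifiedTime": "2023-11-18T12:00:00Z", "md5Checksum": "aaaa"},
        {"id": "2", "modifiedTime": "2023-11-18T12:30:00Z", "md5Checksum": "bbbb"},
        {"id": "3", "modifiedTime": "2023-11-18T13:00:00Z", "md5Checksum": "aaaa"},
    ]},
    {"id": "file-B", "name": "unchanged.pdf", "revisions": [
        {"id": "1", "modifiedTime": "2023-11-17T09:00:00Z", "md5Checksum": "cccc"},
    ]},
]


def checksum_changes(revisions):
    """Walk revisions in time order and record every checksum transition.
    A transition back to a checksum seen earlier is flagged as a revert: the
    latest checksum then equals the original, so comparing only first vs.
    latest revision would wrongly report 'no change'."""
    ordered = sorted(revisions, key=lambda r: r["modifiedTime"])
    seen, changes, prev = set(), [], None
    for rev in ordered:
        digest = rev.get("md5Checksum")  # absent for Docs-native files
        if prev is not None and digest != prev.get("md5Checksum"):
            changes.append({
                "from_revision": prev["id"], "to_revision": rev["id"],
                "old_md5": prev.get("md5Checksum"), "new_md5": digest,
                "modifiedTime": rev["modifiedTime"],
                "reverted": digest in seen,
            })
        if digest:
            seen.add(digest)
        prev = rev
    return changes


def build_report(files):
    """Per-file summary, serialisable to JSON like the PoC's file_changes output."""
    return [{"id": f["id"], "name": f["name"],
             "revision_count": len(f["revisions"]),
             "changes": checksum_changes(f["revisions"])} for f in files]


if __name__ == "__main__":
    print(json.dumps(build_report(SAMPLE_FILES), indent=2))
```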

Owner

  • Name: Ørjan Jacobsen
  • Login: orjanj
  • Kind: user
  • Location: Oslo, Norway
  • Company: @TelenorNorway

Fullstack developer @telenornms. MSc infosec student, volunteering as dev @gathering, BSc Cyber Security.

Citation (CITATION.cff)

cff-version: 1.2.0
date-released: 2023-11-23
title: cloud-forensics-google-drive
message: Please cite this software using these metadata.
type: software
authors:
  - given-names: Ørjan
    family-names: Jacobsen
repository-code: 'https://github.com/orjanj/cloud-forensics-google-drive'
url: 'https://github.com/orjanj/cloud-forensics-google-drive'
abstract: >-
  Simple PoC for cloud forensics (study 
  project) using the Google Drive API to 
  retrieve files meta data and file changes, 
  outputting it to JSON.
keywords:
  - python
  - api
  - cloud
  - forensics
  - gdrive

GitHub Events

Total
  • Watch event: 1
Last Year
  • Watch event: 1

Dependencies

requirements.txt pypi
  • google-api-python-client *
  • google-auth-httplib2 *
  • google-auth-oauthlib *
  • python-dotenv *