Forensic Acquisition of Google Accounts
Acquire information from users’ Google Account with a simple all-in-one tool! Elcomsoft Cloud Explorer makes it easier to download, view and analyze information collected by the search giant, providing convenient access to users’ search and browsing history, page transitions, contacts, Google Keep notes, Hangouts messages, as well as images stored in the user’s Google Photos account.
Google collects massive amounts of information from registered customers. Elcomsoft Cloud Explorer extracts information from the many available sources, parses and assembles the data, presenting information in human-readable form.
Google Data in Digital Forensics
Cloud forensics is an emerging area to forensic experts and IT security officers. The amount of data generated by consumers using the many online services is hard to underestimate. This data can become extremely valuable for an investigation of criminal cases and security breaches of IT infrastructure.
Online services are increasingly used by consumers, including those of a criminal kind. Cloud service providers such as Google retain astonishing amounts of data that literally follow their users’ every step. Acquiring this evidence from cloud storage services can be a challenge. Viewing, discovering and analyzing the data may present yet another challenge if the investigator lacks tools and knowledge.
Elcomsoft Cloud Explorer was designed specifically to address those limitations. Requiring no special expertise and no prior training, Elcomsoft Cloud Explorer falls into the category of all-in-one tools offering one-click downloading and easy viewing of information. The tool comes with everything you need to investigate information that Google has about a suspect.
What Is Extracted
Elcomsoft Cloud Explorer offers over-the-air acquisition for a wide range of Google services including all of the following:
- User Profile and other info
- Messages (Google Hangouts)
- Text messages (SMS) (Android 8.0 Oreo and newer for all smartphones; Android 7 or newer for Google Pixel and Pixel XL)
- Call logs
- Saved Wi-Fi credentials (SSID and passwords)
- Email messages (Gmail) via Gmail API
- Contacts (including synced contacts from mobile devices)
- Notes (Google Keep)
- Search History (including Web sites visited after firing up the search)
- Google Chrome data (synced bookmarks, Web forms, logins and passwords, page transitions)
- Media (images and videos from Google Photos) for specified period
- Location history including enhanced mapping data (Routes and Places)
- Files and documents from Google Account
In other words, what you get is a comprehensive snapshot of user activities in Google services including searches made in non-Google browsers while the user was logged in to their Google Account.
Some parts of this data may be encrypted with an additional password. Elcomsoft Cloud Explorer can decrypt information if the correct password is supplied.