Google History Fore...
 
Notifications
Clear all

Google History Forensics

8 Posts
8 Users
0 Likes
480 Views
Jamie
(@jamie)
Posts: 1288
Moderator
 

Google History Forensics

by Craig Ball

In my last Forensic Focus column, I touched on migration to handhelds and the cloud, mushrooming drive capacities and encryption-by-default as just some of the factors auguring the eventual extinction of conventional digital forensics. But an end to old school digital forensics is no threat to examiners who evolve. There will be plenty to do for those adapting their skills and tools to new sources and forms of information. We will learn to read new tea leaves.

Happily, for every source of forensically-rich information that fades away, others emerge. For every MacBook configured to wipe deleted data, there’s an iPhone storing screenshots and typed text. When webmail shooed away some of our ability to locate messaging artifacts, social networking and geolocation wandered in with stories to tell.

Now and then, the emergent sources just seem too good to be true.

Case in point Google History…

Read more

Please use this thread for discussion of Craig's latest column.

 
Posted : 22/08/2011 12:45 am
(@stevemc)
Posts: 1
New Member
 

Good article - note also that your searches on other devices (eg smartphone) will be saved too, once you're logged in to your Google account at the time!

 
Posted : 22/08/2011 7:11 pm
(@jimmyw)
Posts: 64
Trusted Member
 

Great information, but I'm curious about how many folks actually sign up for Google Web History. I don't recall receiving an "invitation" over the course of my Google searches. I also wonder whether there's an artifact on the local system that would reveal whether your user activated this feature. If so, I would think that we could issue a preservation letter and ultimately a warrant to get the information.

 
Posted : 24/08/2011 7:08 am
lucpel
(@lucpel)
Posts: 55
Trusted Member
 

The interesting part of google history is that average users still don't know about it. For example, when you sign up into your youtube account(and you have a google account), you'll automatically activate your google history feature.

Great article

 
Posted : 24/08/2011 10:05 am
(@douglasbrush)
Posts: 812
Prominent Member
 

Here is the link to delete Google web history
https://www.google.com/accounts/DeleteService?service=hist

Would be an interesting URL to look out for on a review/exam and to see if it was used post preservation notice.

 
Posted : 24/08/2011 6:38 pm
(@karl_cheshire)
Posts: 1
New Member
 

Just had sight of this interesting article and had a play with checking out my history using Mozilla browser. 😯

I also have Google Chrome and note that this function is available from the browser as standard after login (spanner icon top left).
opens similar page chrome//history/

Karl

 
Posted : 11/11/2011 5:27 pm
(@forensics_kid)
Posts: 1
New Member
 

There will be two notable hurdles to the proliferation of cloud services. 1) local/state/fed laws will need to keep pace with the changing landscape, meaning they need to address existing laws that typically apply to a local “thing” seized by court order (warrant, subpoena, etc). Such laws will need to have “reach” just as data now has “reach” facilitated by these new cloud-type services. So perhaps when a computer or PDA is seized by warrant or subpoena such seizure extends to all “reach” aspects of the device, such as all Google or Yahoo accounts found on the computer, all twit/twot/book/flick accounts, etc. This changes the legal aspects that such services have to deal with, but so be it. However, to counter the law efforts, the “good” bad guys know how to skate in a dark park making it very difficult for forensics to find much evidence, or at minimum make it so the dots cannot be connected without seemingly ridiculous speculation.

Anyone take a gander at the new Amazon Kindle Fire and how it integrates with the Amazon Cloud? The device doesn't even have a SD card slot so in essence it will coax the owner into using the Cloud because it is "free".

IMHO, clouds are highly "unknown" and will present many challenges from the security side, including forensics. I suspect the progression of laws changing will be the norm, something bad has to happen 1st, then we get new law, etc. Nature of the beast I guess.

 
Posted : 16/11/2011 7:15 am
(@grateful)
Posts: 2
New Member
 

I am currently involved in a case involving YouTube. Doing blackbox testing of Google's system is tricky for me. I created a new account, and then opened a tab to history. As I looked at the recommendations, before I searched or watched anything, I saw items on treadmill repair, and a couple about LifeSpan exercise equipment. I had done a search on how to center the belt on my LifeSpan treadmill desk, from a computer that was behind the same NAT'ing firewall/router. So, I clicked on one recommended video, and left the computer going. After a few hours, I had quite a collection in the watch history. But nothing in the search history. So I am not sure how the in video ads at the end of the videos are monetized, if they are monetized, and what implications that might have. I guess I am saying that I don't know if there is an API to the search history, whereby searches might be generated, vs assuming that all searches are typed searches.

Jim

 
Posted : 04/05/2016 12:58 am
Share: