±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36096
New Yesterday: 7 Visitors: 159

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Gmail browser options

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page 1, 2  Next 
  

jblakley
Senior Member
 

Gmail browser options

Post Posted: May 05, 18 17:41

All,

What options does one have to recover gmail artifacts if it was a browser login? I’ve carved out files from a memory dump, but I haven’t found any webmail related artifacts. I’ve seen several accesses to gmail, but unable to find anything useful in the image. Does anyone recommend any tools that may be able to rebuild from cache files? Encase isn’t showing me much, and I may be at a dead end.

Thanks!  
 
  

Igor_Michailov
Senior Member
 

Re: Gmail browser options

Post Posted: May 05, 18 20:10

AXIOM, Belkasoft can recover Gmail artifacts.
_________________
Computer, Cell Phone & Chip-Off Forensics

linkedin.com/in/igormikhaylovcf 
 
  

jblakley
Senior Member
 

Re: Gmail browser options

Post Posted: May 05, 18 21:13

Thanks! I’ll take a look to see if they have a demo.  
 
  

jblakley
Senior Member
 

Re: Gmail browser options

Post Posted: May 07, 18 14:12

It appears that Axiom wants to be licensed even though it let me download it. Belkansoft installed, but refuses to license under a VM. I installed it on a physical machine and imported the E01 file into it and let it run. It found the activity, but it doesn't appear to have cached anything related to Gmail. Any other suggestions? I'm still waiting for Magnet to get back in touch with me for IEF. I'm not sure if it will help or not...

Thanks!  
 
  

passcodeunlock
Senior Member
 

Re: Gmail browser options

Post Posted: May 07, 18 14:42

I think you face a "private browsing" issue, that is why you find no artifacts.
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 
  

jblakley
Senior Member
 

Re: Gmail browser options

Post Posted: May 07, 18 15:03

- passcodeunlock
I think you face a "private browsing" issue, that is why you find no artifacts.


Thanks! I have history though, so I'm not sure this is the issue. If it were, is there a registry entry that can confirm it was in incognito mode?  
 
  

passcodeunlock
Senior Member
 

Re: Gmail browser options

Post Posted: May 07, 18 15:05

Not really, the purpose of the private browsing is to leave no trails after the browser shutdown.
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 

Page 1 of 2
Page 1, 2  Next