DriveFS Sleuth: Open-source tool for investigating Google Drive File Stream’s disk forensic artifacts

DriveFS Sleuth automates the investigation of Google Drive File Stream disk artifacts. The tool can parse the disk artifacts and build a filesystem tree-like structure enumerating the synchronized files along with their respective properties. “While engaged in a threat-hunting activity for a client to detect the misuse of file-syncing applications within their network, I identified the unauthorized use of Google Drive File Stream. Despite the noteworthy collaborative capabilities offered by such tools, they pose a … More →

The post DriveFS Sleuth: Open-source tool for investigating Google Drive File Stream’s disk forensic artifacts appeared first on Help Net Security.