Chromebook Forensic Acquisition

0
Updated
DFIR Review

Research

White papers
  • Chromebook
  • DFIR Review
  • Imaging

This document is provided to the general Computer Forensic community as a starting point to incite further research by others in the community, with the goal of further refining these procedures and developing additional procedures. This document contains three main sections. The first section explains the importance of obtaining all available cloud data from Google either via legal process or via consent through the Google self-service “Takeout” mechanism. The second section provides scripts and instructions on capturing a decrypted logical backup of all encrypted data on a Chromebook/Chromebox if you have the username(s) and password(s) for the accounts on the Chromebook/Chromebox. The final section provides scripts and instructions on capturing a full physical disk clone of a Chromebook/Chromebox in some very limited situations. Please see each section for complete details.

Attachments

  • File Description
    File Size
    File Type
    Downloads
  • Chromebook Forensic Acquisition
    5 MB
    41