See below for a list of Google Workspace Tools.
| Tool | Description |
|---|---|
| ALFA | ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit logs using statistics and the MITRE ATT&CK Cloud Framework. |
| GAM | Command line management for Google Workspace |
See below for a list of Google Workspace Artifacts.
| Artifact or Process | Resource |
|---|---|
| Gmail | Dots do matter: Why dots in Gmail addresses impact Google Workspace investigations |
| Google Chrome | Has the user logged into this account, or not? (Google Chrome’s Login Data-Part 1) |
| Google Chrome | Has the user logged into this account, or not? (Google Chrome’s Web Data-Part 2) |
| Google Chrome | Chrome Media History |
| Google Chrome | Chrome Media History Tracking Your Viewing Habits |
| Google Chrome | Chromium Session Storage and Local Storage |
| Google Chrome | Investigating Google Chrome Web Browser |
| Google Drive | Data Exfiltration Using Google Drive — Forensic Investigation |
| Google Drive | Investigating Google Drive |
| Google Drive | Investigating Windows Google Drive - Forensafe |
| Google Takeout | Google Takeout Forensics: The Art of Investigation [Explained] |
| Google Tasks | Check Marks the Spot - Google Tasks from Takeout - Stark4n6 |