Google Drive Databases

Overview

Evidence: Google Drive Databases Description: Collect Google Drive Synchronization Databases Category: Applications Platform: windows Short Name: gdrvdb Is Parsed: No Sent to Investigation Hub: No Collect File(s): Yes

Background

Google Drive (legacy desktop client) stores synchronization databases, cloud graph data, and temporary data in SQLite databases and log files. These databases track synchronized files, cloud relationships, and sync state.

Data Collected

This collector gathers structured data about google drive databases.

Collection Method

This collector gathers Google Drive database files, log files, cloud graph databases, and temp data from Application Data and Local directories.

Forensic Value

Google Drive databases reveal synchronized files, folders accessed, cloud storage usage, sharing activities, and file modifications. This helps identify data exfiltration to cloud storage, shared documents, and cloud-based evidence.