DriveFS Sleuth Open-source tool for investigating Google Drive File Stream’s disk forensic artifacts


“I discovered the unlawful use of Google Drive File Stream when conducting threat-hunting for a customer to find the misuse of file-syncing apps within their network. Although these technologies provide notable collaboration features, there is a possibility that they could compromise data security, especially in terms of exfiltration. At the time, I couldn’t identify any published studies on related objects.

The tool’s inventor, Amged Wageh, told Help Net Security, “As a result, I conducted independent research to analyze the pertinent disk artifacts and developed DriveFS Sleuth based on the findings.” DriveFS Sleuth is renowned for its expertise in forensic artifact analysis and seamless correlation to provide critical insights during investigations, according to Wageh.

Read More…