“What one man can invent, we can discover it from existing data.”
Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data. With roots in the personal computing revolution of the late 1970s and early 1980s, the discipline evolved in a haphazard manner during the 1990s, and it was not until the early 21st century that national policies emerged.
As you may have guessed, Gmail Forensics means doing digital forensics on Gmail data, that is, all the emails inside a particular account.
There are a total of 4 steps in digital forensics.
Let's start Gmail Forensics STEP by STEP
Acquire. A big question arises here: “How do we acquire the Gmail data?” There is a lot of third-party software available on the market, but I’m not going to use it, and I’ll tell you why. In this tutorial we are going to use a tool provided by Google itself to all Gmail users for acquiring their data, named Google Takeout. Next we’ll discuss why to use Google Takeout over third-party tools.
All information about Google Takeout is provided by
Mr. Anurag Singh
(Digital Forensics Expert)
works with
*Delhi Police
*Noida Police
*CBI
*Income Tax Office
When we talk about digital forensics, we are talking about legal matters, and in a legal case we need pure data without any alteration. Google Takeout gives you pure data without altering even a bit (by the way, a single bit can corrupt your data). If you use any other third-party software to back up your data, it adds an extra layer: the application requests your data, the server responds, and after receiving the requested objects the application writes your data to disk. With Google Takeout, all your email data that lives in the Gmail cloud is first collected, because Gmail uses distributed database systems; after that Google creates a mirror image of your data, zips it, and once the whole process is done Google sends you a download link.
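To make the "not even a bit altered" requirement checkable, the sketch below hashes a Takeout archive at acquisition and records a per-message hash manifest that can be re-verified later. It is an added example, not part of the original tutorial or of any Google or SysTools tooling; it assumes Gmail mail arrives as `.mbox` files inside the Takeout zip, and the function names, the member path and the sample messages are constructed for illustration.

```python
import hashlib, io, mailbox, os, tempfile, zipfile

# Constructed sample mbox (two messages); not real evidence.
SAMPLE_MBOX = (
    b"From 1@sample Mon Jan  1 00:00:00 2024\n"
    b"Message-ID: <a1@example.com>\nFrom: alice@example.com\n"
    b"Subject: Invoice\n\nBody one\n\n"
    b"From 2@sample Tue Jan  2 00:00:00 2024\n"
    b"Message-ID: <b2@example.com>\nFrom: bob@example.com\n"
    b"Subject: Re: Invoice\n\nBody two\n"
)

def make_sample_takeout():
    """Build a constructed Takeout-style zip in memory (hypothetical member path)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Takeout/Mail/All mail.mbox", SAMPLE_MBOX)
    return buf.getvalue()

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def build_manifest(archive):
    """Hash the archive as received, then every message in each .mbox member.
    Assumption: Gmail mail is delivered as .mbox files inside the zip."""
    manifest = {"archive_sha256": sha256(archive), "messages": []}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for name in sorted(n for n in zf.namelist() if n.endswith(".mbox")):
            # mailbox.mbox needs a path, so parse a temporary working copy.
            with tempfile.NamedTemporaryFile(suffix=".mbox", delete=False) as tmp:
                tmp.write(zf.read(name))
            try:
                box = mailbox.mbox(tmp.name, create=False)
                for key in box.keys():
                    msg = box.get_message(key)
                    manifest["messages"].append({
                        "member": name, "message_id": msg["Message-ID"],
                        "subject": msg["Subject"], "sha256": sha256(box.get_bytes(key))})
                box.close()
            finally:
                os.unlink(tmp.name)
    return manifest

def verify(archive, manifest):
    """True only if the archive is bit-for-bit what was hashed at acquisition."""
    return sha256(archive) == manifest["archive_sha256"]

if __name__ == "__main__":
    print(build_manifest(make_sample_takeout()))
```

Record the manifest at download time and keep it with the case notes; the per-message hashes let an examiner show which individual emails are unchanged even when working from a copy of the archive.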
This is an optional step, but it is very important in Gmail forensics. Once you get the takeout and find legal proof against the victim, if the victim deletes the evidence from Gmail and shows the jury that there is no email like the one you are showing, then everything is lost, because the takeout you got from Gmail is not the same as the takeout the user takes from Gmail live in court. So you need to block the user's Gmail account so that the user cannot make changes to their Gmail account.
See the video for blocking any Gmail account step by step.
In this case we are collecting healthy data directly from Gmail, so we don’t need to recover it. Let's say we find a Gmail Takeout .zip file on someone else's computer and it is damaged; then we need to recover it. But here we’re getting healthy data from Google, so we don’t need to recover it.
For examining Gmail data we’re going to use MailXaminer, a certified mail examiner software designed and developed by SysTools Inc. Take a look at the video to understand everything in detail.
For generating the report we're again using MailXaminer. Take a look at the video.