Skip to content
AIR Knowledge Base

Google Drive Databases

Overview

Section titled “Overview”

Evidence: Google Drive Databases
Description: Collect Google Drive Synchronization Databases
Category: Applications
Platform: windows
Short Name: gdrvdb
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

Section titled “Background”

Google Drive (legacy desktop client) stores synchronization databases, cloud graph data, and temporary data in SQLite databases and log files. These databases track synchronized files, cloud relationships, and sync state.

Data Collected

Section titled “Data Collected”

This collector gathers structured data about google drive databases.

Collection Method

Section titled “Collection Method”

This collector gathers Google Drive database files, log files, cloud graph databases, and temp data from Application Data and Local directories.

Forensic Value

Section titled “Forensic Value”

Google Drive databases reveal synchronized files, folders accessed, cloud storage usage, sharing activities, and file modifications. This helps identify data exfiltration to cloud storage, shared documents, and cloud-based evidence.