•  
  •  
 

Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)

Abstract

Information and the technological advancements for which mankind develops with regards to its storage has increased tremendously over the past few decades. As the total amount of data stored rapidly increases in conjunction with the amount of widely available computer-driven devices being used, solutions are being developed to better harness this data (LaTulippe, 2011). One of these solutions is commonly known as a search appliance. Search appliances have been used in e-discovery for several years. The Google Mini Search Appliance (Mini) has not only been used for e-discovery, but for indexing and searching internal documents. To accomplish these tasks, search appliances not only cache html versions of the documents, they contain metadata about the indexed documents, as well as metadata about search activity. This research analyzes the Mini to determine what forensically interesting artifacts exist on the device.

References

Burgess, E., & Metz, E. (2008). Applying Google Mini search appliance for document discoverability. Online, 32(4), 25-27.

Chan, A. (2009, July). Google to the (E-Discovery) rescue? Retrieved January 11, 2013, from eDiscovery: http://ediscovery.quarles.com/2009/07/articles/information-technology/googleto-the-ediscovery-rescue/

Clark, J. (2005). AnandTech Search goes Google. Retrieved January 11, 2013, from anandtech.com: http://www.anandtech.com/show/1781/3

Cuff, J. (2009). Key trends and developments of rights information management systems–An interview with Jim Cuff of Iron Mountain Digital. Journal of Digital Asset Management, 5(2), 98-110.

Garrison, J. (2012, December 11). Google Mini Search Appliance teardown. Retrieved July 8, 2013, from http://1n73r.net/2012/12/11/google-mini-search-appliance-teardown/

Google. (2013a). Google Mini help. Retrieved January 11, 2013, from Google Web Site: http://support.google.com/mini/?hl=en#topic=219

Google. (2013b). Google Mini: Information. Retrieved January 11, 2013, from Google Web site: http://lp.googlemkto.com/NORTHAMSearchLCSMiniEndofLife_GoogleMiniFAQs.html

Google. (2013c). Google Mini report overview. Retrieved January 11, 2013, from Google Web site: http://static.googleusercontent.com/external_content/untrusted_dlcp/www.goo gle.ie/en/ie/enterprise/mini/lbrary/MiniReports.pdf

Google. (2013d). First-time startup of a Google Search Appliance. Retrieved January 15, 2013, from Google Web site: https://developers.google.com/searchappliance/documentation/50/installation/I nstallationGuide#FirstTime

Google. (2013e). Google Mini help center. Retrieved June 30, 2013, from Google Web site: https://developers.google.com/searchappliance/documentation/50/help_mini/home

Google. (2013f). Google Mini license agreement v3.0. Retrieved July 8, 2013, from Google Web site: http://1n73r.net/wp-content/uploads/2012/12/google-mini-eula.pdf

Larrieu, T. (2009). Crawling the control system. No. JLAB-ACO-09-1072; DOE/OR/23177-1007.

Newport News, VA: Thomas Jefferson National Accelerator Facility. LaTulippe, T. (2011). Working inside the box: An example of Google desktop search in a forensic examination. Journal of Digital Forensics, Security and Law, 6(4), 11-18.

McElhaney, S., & Ghani, S. (2008). Enterprise search and automated testing. Governance, Risk, and Compliance Handbook: Technology, Finance, Environmental, and International Guidance and Best Practices, 267.

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.