Cloud acquisition is arguably the future of mobile forensics. Even today, cloud services by Apple and Google often contain more information than any single device – mostly due to the fact that cloud data is collected from multiple sources.
The two biggest challenges of cloud extraction have always been the account password and the secondary authentication factor. Without the correct password, accessing information in the user’s iCloud or Google Account was nearly impossible, the only alternative being the lengthy and complex legal process. Several years back, we developed a workaround, allowing experts to use binary authentication token to access Apple iCloud backups and synced data without the password. Today, we are introducing the same thing for Google accounts. If you have access to the user’s computer (Mac or PC), you can extract a binary authentication token from that computer and use it to bypass the password and two-factor authentication protection. So let us have a look at what these tokens are, where they are stored, what’s inside, and how to use them to access and extract information from the Google Account.
