Along with echosix I got my interest raised in the GoogleChromeOS from a forensic prospective and thought I would take a very basic quick look under the hood.
The default install boots to a tabbed GUI interface and if you have network connectivity then you can login with an existing gmail account. If not then the default username name is chronos and the default password is chronos.
Once at the GUI you can use crtl/alt/T to bring up a shell and root access can be gained using the sudo command.
The terminal is actually really really slow to type and run commands in, so I invoked ssh and used putty /etc/init.d/ssh start did the trick.
Using putty the terminal surprisingly quick to use.
The new OS is based on Ubuntu 9.10;
The root partition of the drive was mounted read only, which I found to be interesting and mounted with the data=writeback option, which after some googling translated to mean.
“does no journaling of data; metadata only. fastest. data corruption possible in system crash”.
It appears the root partition is always mounted as read only upon boot and the user data is encrypted under the /home directory.
I logged in as test with my gmail account and located a directory under the default user account “chronos” named after my gmail account that contained further folder structure.
Navigating through the gmail account directory I found that most of the account information for my gmail account was located at the location of home/chronos/dougee652\@gmail.com/.config/google-chrome/Default/
From the tabbed GUI interface I saved an attachment from an email message and this file was saved locally to the Downloads directory.
I am going to look at the GoogleChromOS in a lot more detail and look at what user information is saved locally and what is stored in the cloud, stay tuned…………………….