To uncover the logs, Brown said he used three key elements of Google's IT system: an internal database called Armada, an internal forensics tool called GRR, and a security application called Bit9.