![]() ![]() The security and privacy of the videoconference session have therefore become a major concern. ![]() The terms Zoom bombing or Zoom raiding have recently been used to designate the disruptive intrusion into a videoconference call, whereby a hacker leverages weak authentication features (or other vulnerabilities) to either stream improper content or bully/harass meeting participants. The growing popularity of videoconferencing applications has also attracted malicious users, who use them to launch targeted attacks such as hacking online meetings and subjecting attendees to offensive content. ![]() As a result, videoconferencing market is expected to grow from US $6.28 billion in 2021 to US $12.99 billion by 2028 according to a Fortune Business Insight report. In fact, during the pandemic, the work landscape changed dramatically as more companies shifted to a work-from-home model. Although network communications are encrypted, we successfully retrieve useful artifacts such as IPs of server domains and host devices along with message/event timestamps.ĬOVID-19 has been a prime catalyst in the widespread adoption of videoconferencing applications such as Zoom, Cisco WebEx, Microsoft Teams, Adobe Connect, and BlueJeans for professional and personal use. Additionally, we identify anti-forensic artifacts such as deleted chat messages. We develop a memory parsing tool for Cisco WebEx based on the extracted artifacts. These include user credentials, emails, user IDs, profile photos, chat messages, shared media, meeting information including meeting passwords, contacts, Advanced Encryption Standard (AES) keys, keyword searches, timestamps, and call logs. From the extracted artifacts, it is evident that valuable user data can be retrieved from different data localities. We focus on three digital forensic areas, namely memory, disk space, and network forensics. More precisely, we present the results of the forensic investigation of Cisco WebEx desktop client, web, and Android smartphone applications. In this contribution, we present a detailed forensic analysis of Cisco WebEx which is among the top three videoconferencing applications available today. The investigation of file system can reveal the purpose and the contents of the BitTorrent client session.Digital forensic analysis of videoconferencing applications has received considerable attention recently, owing to the wider adoption and diffusion of such applications following the recent COVID-19 pandemic. The evidence remains in the registry even after the removal of the application, although it can really prove the fact of usage of the application only. The experiment revealed that BitTorrent client application creates Windows registry artefacts that can contain information which might be used as evidence during an investigation. Changes in Windows registry were collected and joined into tables. The snapshots of registry were taken and compared prior and after each step. The experiment was carried out in three steps: installation, download, and uninstallation. If order to fight against this type of cybercrime we carried out the research, during which we investigated the evidences left by BitTorrent client application in registry under Windows 8 operating system. This forensic investigation-based research revealed that evidence of data remnants subsequent to the installation and deletion of bitcoin wallets by the user did exist.īitTorrent client application is a popular tool to download large files from Internet, but this application is quite frequently used for illegal purposes that are one of the types of cybercrimes. It was undertaken to determine what data remnants and traces may remain on a Windows 10 operating system. The research focused on bitcoin as a case study to investigate a security incident involving suspected criminal activities using bitcoins, a cryptocurrency used in peer-to-peer technology. Bitcoin wallets such as MultiBit HD, Armory, mSIGNA, Bitpay, Bither, and Electrum were installed. Tools such as VMware Workstation Pro, OSForensics, MagnetRAM Capture, HxD have been used to retrieve some bitcoin artefacts. It was aimed to recover any evidence that would be present on a user's system even after they were deleted by the user. This research Digital forensic investigation into the remnants and traces left behind on a user system by Bitcoin wallets at all junctures following installation through transaction and deletion. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |