Mahr Andrew, Cichon Meghan, Mateo Sophia, Grajeda Cinthya, Baggili Ibrahim
Cyber Forensics Research and Education Group (UNHcFREG), Samuel S. Bergami Jr. Cybersecurity Center, Connecticut Institute of Technology, University of New Haven, 300 Boston Post Rd., West Haven, CT, 06516, USA.
Forensic Sci Int Digit Investig. 2021 Mar;36:301107. doi: 10.1016/j.fsidi.2021.301107. Epub 2021 Jan 23.
The global COVID-19 pandemic has turned the spotlight on video conferencing applications like never before. In this critical time, applications such as Zoom have seen their user base surge past the 300 million daily mark (ZoomBlog, 2020). The increase in use has led malicious actors to exploit the application, and in many cases perform . Therefore, forensically examining Zoom is inevitable. Our work details the primary disk, network, and memory forensic analysis of the Zoom video conferencing application. Results demonstrate that it is possible to find users' critical information, in plain text and/or in encrypted/encoded form, such as chat messages, names, email addresses, passwords, and much more, through network captures, forensic imaging of digital devices, and memory forensics. Furthermore, we elaborate on interesting anti-forensics techniques employed by the Zoom application when contacts are deleted from its contact list.