Simulation of artefact detection in Viber and Telegram instant messengers in Windows operating systems

IF 0.6 Q4 BUSINESS
A. Borodin, R. Veynberg, Dmitry I. Pisarev, O. Litvishko
{"title":"Simulation of artefact detection in Viber and Telegram instant messengers in Windows operating systems","authors":"A. Borodin, R. Veynberg, Dmitry I. Pisarev, O. Litvishko","doi":"10.17323/1998-0663.2019.4.39.48","DOIUrl":null,"url":null,"abstract":"Messengers are popular today on mobile devices and traditional computers. Starting as a small text messaging service, they have turned into effective communication channels for both private and corporate users, becoming more than just an SMS replacement. Users entrust to them a huge amount of information, such as a time-based map of activity, photos and other personal data. Messengers changed the way communication is done; they reduce the distance to the user and along with social networks become tools for fraud, spam or blackmail and terrorism. In this regard, it is vital to study instant messengers from a forensic point of view. This research explores and compares two popular messengers: Viber and Telegram, which is rapidly gaining popularity in the criminal world and the darknet as secure message tools. The main purpose of the research is to investigate and analyze potential artefacts remaining during the installation and use of instant messengers, as well as after their uninstallation. The authors have done several experiments to investigate the artefacts in different environments and provide clear explanation of the results. The experiments showed that even though Telegram is considered to be one of the most secure instant messengers, important and useful material on a hard drive and registry remain after complete uninstallation of the application. Exploring Viber artefacts showed up information that helps to restore the whole history of a communication. Moreover, the study confirmed that artefacts are still accessible in Windows after removal of the application. INFORMATION SECURITY","PeriodicalId":41920,"journal":{"name":"Biznes Informatika-Business Informatics","volume":null,"pages":null},"PeriodicalIF":0.6000,"publicationDate":"2019-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Biznes Informatika-Business Informatics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.17323/1998-0663.2019.4.39.48","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"BUSINESS","Score":null,"Total":0}
引用次数: 5

Abstract

Messengers are popular today on mobile devices and traditional computers. Starting as a small text messaging service, they have turned into effective communication channels for both private and corporate users, becoming more than just an SMS replacement. Users entrust to them a huge amount of information, such as a time-based map of activity, photos and other personal data. Messengers changed the way communication is done; they reduce the distance to the user and along with social networks become tools for fraud, spam or blackmail and terrorism. In this regard, it is vital to study instant messengers from a forensic point of view. This research explores and compares two popular messengers: Viber and Telegram, which is rapidly gaining popularity in the criminal world and the darknet as secure message tools. The main purpose of the research is to investigate and analyze potential artefacts remaining during the installation and use of instant messengers, as well as after their uninstallation. The authors have done several experiments to investigate the artefacts in different environments and provide clear explanation of the results. The experiments showed that even though Telegram is considered to be one of the most secure instant messengers, important and useful material on a hard drive and registry remain after complete uninstallation of the application. Exploring Viber artefacts showed up information that helps to restore the whole history of a communication. Moreover, the study confirmed that artefacts are still accessible in Windows after removal of the application. INFORMATION SECURITY
Windows操作系统下Viber和Telegram即时通讯工具的伪影检测仿真
如今,信使在移动设备和传统电脑上很受欢迎。从一个小型短信服务开始,它们已经成为私人和企业用户的有效沟通渠道,不仅仅是短信的替代品。用户将大量信息委托给他们,例如基于时间的活动地图、照片和其他个人数据。信使改变了沟通的方式;它们缩短了与用户的距离,并与社交网络一起成为欺诈、垃圾邮件或勒索和恐怖主义的工具。在这方面,从法医学的角度研究即时信使是至关重要的。这项研究探索并比较了两种流行的信使:Viber和Telegram,这两种信使在犯罪世界和暗网中作为安全消息工具迅速流行起来。这项研究的主要目的是调查和分析在安装和使用即时通讯工具以及卸载后遗留的潜在伪影。作者做了几个实验来研究不同环境中的伪影,并对结果进行了明确的解释。实验表明,尽管Telegram被认为是最安全的即时通讯工具之一,但在应用程序完全卸载后,硬盘和注册表上的重要和有用材料仍然存在。对Viber人工制品的探索显示了有助于恢复整个通信历史的信息。此外,该研究证实,在删除应用程序后,人工制品仍然可以在Windows中访问。信息安全
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
33.30%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信