Zainab Khalid, Farkhund Iqbal, F. Kamoun, Mohammed Hussain, Liaqat Ali Khan
{"title":"思科WebEx应用程序的取证分析","authors":"Zainab Khalid, Farkhund Iqbal, F. Kamoun, Mohammed Hussain, Liaqat Ali Khan","doi":"10.1109/CSNet52717.2021.9614647","DOIUrl":null,"url":null,"abstract":"The COVID-19 pandemic has triggered a surge in the usage of videoconferencing applications around the globe. While this trend provided a convenient alternative to face-to-face meetings, it has also opened the door for new scenarios of malicious attacks. The security and privacy of the (vidéoconférence) participants' data has therefore become a major concern. Despite its importance, the forensic analysis of videoconferencing applications remains a relatively under researched area. This paper presents a detailed analysis of the Cisco WebEx videoconferencing application on a Windows OS in the areas of memory forensics, disk-space forensics and network forensics. From the extracted artifacts, it is evident that valuable user data can be retrieved from different sources. These include user emails, user IDs, profile photos, sent and deleted chat messages, shared media, meeting information including meeting passwords, Advanced Encryption Standard (AES) keys, keyword searches, timestamps, and log files. Although network communications are encrypted, some useful artifacts can be retrieved such as IPs of server domains and host devices along with message/event timestamps. Digital certificates of the videoconferencing communications are also retrieved.","PeriodicalId":360654,"journal":{"name":"2021 5th Cyber Security in Networking Conference (CSNet)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Forensic Analysis of the Cisco WebEx Application\",\"authors\":\"Zainab Khalid, Farkhund Iqbal, F. Kamoun, Mohammed Hussain, Liaqat Ali Khan\",\"doi\":\"10.1109/CSNet52717.2021.9614647\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The COVID-19 pandemic has triggered a surge in the usage of videoconferencing applications around the globe. While this trend provided a convenient alternative to face-to-face meetings, it has also opened the door for new scenarios of malicious attacks. The security and privacy of the (vidéoconférence) participants' data has therefore become a major concern. Despite its importance, the forensic analysis of videoconferencing applications remains a relatively under researched area. This paper presents a detailed analysis of the Cisco WebEx videoconferencing application on a Windows OS in the areas of memory forensics, disk-space forensics and network forensics. From the extracted artifacts, it is evident that valuable user data can be retrieved from different sources. These include user emails, user IDs, profile photos, sent and deleted chat messages, shared media, meeting information including meeting passwords, Advanced Encryption Standard (AES) keys, keyword searches, timestamps, and log files. Although network communications are encrypted, some useful artifacts can be retrieved such as IPs of server domains and host devices along with message/event timestamps. Digital certificates of the videoconferencing communications are also retrieved.\",\"PeriodicalId\":360654,\"journal\":{\"name\":\"2021 5th Cyber Security in Networking Conference (CSNet)\",\"volume\":\"19 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 5th Cyber Security in Networking Conference (CSNet)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSNet52717.2021.9614647\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 5th Cyber Security in Networking Conference (CSNet)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSNet52717.2021.9614647","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The COVID-19 pandemic has triggered a surge in the usage of videoconferencing applications around the globe. While this trend provided a convenient alternative to face-to-face meetings, it has also opened the door for new scenarios of malicious attacks. The security and privacy of the (vidéoconférence) participants' data has therefore become a major concern. Despite its importance, the forensic analysis of videoconferencing applications remains a relatively under researched area. This paper presents a detailed analysis of the Cisco WebEx videoconferencing application on a Windows OS in the areas of memory forensics, disk-space forensics and network forensics. From the extracted artifacts, it is evident that valuable user data can be retrieved from different sources. These include user emails, user IDs, profile photos, sent and deleted chat messages, shared media, meeting information including meeting passwords, Advanced Encryption Standard (AES) keys, keyword searches, timestamps, and log files. Although network communications are encrypted, some useful artifacts can be retrieved such as IPs of server domains and host devices along with message/event timestamps. Digital certificates of the videoconferencing communications are also retrieved.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
