{"title":"使用各种取证工具和技术对 AnyDesk 远程访问应用程序进行取证分析","authors":"Nishchal Soni , Manpreet Kaur , Vishwas Bhardwaj","doi":"10.1016/j.fsidi.2024.301695","DOIUrl":null,"url":null,"abstract":"<div><p>This study delves into a forensic analysis of the AnyDesk Remote Access application, focusing prominently on disk forensic acquisitions. We aim to assess the security and privacy features of AnyDesk, uncovering insights vital for forensic investigators and potential adversaries. The recovery of artifacts from Android Mobile and Window-based PC devices, employing acquisition techniques, plays a pivotal role in forensic analysis. The study underscores the significance of log files, housing crucial details like user IDs, dates, transfer times, and file movements. Manual scrutiny of the extracted data establishes user connections and reveals user-centric information, encompassing wallpapers, chat logs, AnyDesk-IDs, and transferred files. As the data lacks encryption, artifacts are easily comprehensible and interlinked. AnyDesk-related files, including session recordings, media files, and documents, undergo successful extraction via forensic methods. Root permissions on the Android phone emerge as a critical asset, facilitating the identification of more reliable and concealed data. In contrast, on the PC, all files related to AnyDesk were identified through a combination of automatic and manual examination. In essence, this study provides profound insights into AnyDesk's security and privacy features, underscored by the instrumental role of forensic acquisitions in pinpointing and extracting pertinent data.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"48 ","pages":"Article 301695"},"PeriodicalIF":2.0000,"publicationDate":"2024-02-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2666281724000040/pdfft?md5=84d83a61a2c6868aec0b282dfcba3760&pid=1-s2.0-S2666281724000040-main.pdf","citationCount":"0","resultStr":"{\"title\":\"A forensic analysis of AnyDesk Remote Access application by using various forensic tools and techniques\",\"authors\":\"Nishchal Soni , Manpreet Kaur , Vishwas Bhardwaj\",\"doi\":\"10.1016/j.fsidi.2024.301695\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>This study delves into a forensic analysis of the AnyDesk Remote Access application, focusing prominently on disk forensic acquisitions. We aim to assess the security and privacy features of AnyDesk, uncovering insights vital for forensic investigators and potential adversaries. The recovery of artifacts from Android Mobile and Window-based PC devices, employing acquisition techniques, plays a pivotal role in forensic analysis. The study underscores the significance of log files, housing crucial details like user IDs, dates, transfer times, and file movements. Manual scrutiny of the extracted data establishes user connections and reveals user-centric information, encompassing wallpapers, chat logs, AnyDesk-IDs, and transferred files. As the data lacks encryption, artifacts are easily comprehensible and interlinked. AnyDesk-related files, including session recordings, media files, and documents, undergo successful extraction via forensic methods. Root permissions on the Android phone emerge as a critical asset, facilitating the identification of more reliable and concealed data. In contrast, on the PC, all files related to AnyDesk were identified through a combination of automatic and manual examination. In essence, this study provides profound insights into AnyDesk's security and privacy features, underscored by the instrumental role of forensic acquisitions in pinpointing and extracting pertinent data.</p></div>\",\"PeriodicalId\":48481,\"journal\":{\"name\":\"Forensic Science International-Digital Investigation\",\"volume\":\"48 \",\"pages\":\"Article 301695\"},\"PeriodicalIF\":2.0000,\"publicationDate\":\"2024-02-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.sciencedirect.com/science/article/pii/S2666281724000040/pdfft?md5=84d83a61a2c6868aec0b282dfcba3760&pid=1-s2.0-S2666281724000040-main.pdf\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Forensic Science International-Digital Investigation\",\"FirstCategoryId\":\"3\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2666281724000040\",\"RegionNum\":4,\"RegionCategory\":\"医学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Forensic Science International-Digital Investigation","FirstCategoryId":"3","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2666281724000040","RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
A forensic analysis of AnyDesk Remote Access application by using various forensic tools and techniques
This study delves into a forensic analysis of the AnyDesk Remote Access application, focusing prominently on disk forensic acquisitions. We aim to assess the security and privacy features of AnyDesk, uncovering insights vital for forensic investigators and potential adversaries. The recovery of artifacts from Android Mobile and Window-based PC devices, employing acquisition techniques, plays a pivotal role in forensic analysis. The study underscores the significance of log files, housing crucial details like user IDs, dates, transfer times, and file movements. Manual scrutiny of the extracted data establishes user connections and reveals user-centric information, encompassing wallpapers, chat logs, AnyDesk-IDs, and transferred files. As the data lacks encryption, artifacts are easily comprehensible and interlinked. AnyDesk-related files, including session recordings, media files, and documents, undergo successful extraction via forensic methods. Root permissions on the Android phone emerge as a critical asset, facilitating the identification of more reliable and concealed data. In contrast, on the PC, all files related to AnyDesk were identified through a combination of automatic and manual examination. In essence, this study provides profound insights into AnyDesk's security and privacy features, underscored by the instrumental role of forensic acquisitions in pinpointing and extracting pertinent data.