A forensic analysis of AnyDesk Remote Access application by using various forensic tools and techniques

Abstract

This study delves into a forensic analysis of the AnyDesk Remote Access application, focusing prominently on disk forensic acquisitions. We aim to assess the security and privacy features of AnyDesk, uncovering insights vital for forensic investigators and potential adversaries. The recovery of artifacts from Android Mobile and Window-based PC devices, employing acquisition techniques, plays a pivotal role in forensic analysis. The study underscores the significance of log files, housing crucial details like user IDs, dates, transfer times, and file movements. Manual scrutiny of the extracted data establishes user connections and reveals user-centric information, encompassing wallpapers, chat logs, AnyDesk-IDs, and transferred files. As the data lacks encryption, artifacts are easily comprehensible and interlinked. AnyDesk-related files, including session recordings, media files, and documents, undergo successful extraction via forensic methods. Root permissions on the Android phone emerge as a critical asset, facilitating the identification of more reliable and concealed data. In contrast, on the PC, all files related to AnyDesk were identified through a combination of automatic and manual examination. In essence, this study provides profound insights into AnyDesk's security and privacy features, underscored by the instrumental role of forensic acquisitions in pinpointing and extracting pertinent data.