{"title":"Forensic analysis and data decryption of tencent meeting in windows environment","authors":"Soojin Kang , Uk Hur , Giyoon Kim , Jongsung Kim","doi":"10.1016/j.fsidi.2024.301818","DOIUrl":null,"url":null,"abstract":"<div><p>Video conferencing applications have become ubiquitous in the post-COVID-19 era. Remote meetings, briefing sessions, and lectures are gradually becoming part of our culture. Thus, the amount of user data that video conferencing applications collect and manage has increased, and such data can be used as digital evidence. In this study, we analyzed Tencent Meeting, the most widely used video conferencing application in China, to identify the data stored on the user's disk by the application. Tencent Meeting stores user information and the chat history during a video conference on local storage. We found that Tencent Meeting suffers from a vulnerability in the process of encrypting and storing the user data, which can be exploited by anyone who can access and decrypt the user's data. We expect that our findings to help digital forensics investigators conduct efficient investigations when applications are used for malicious purposes.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"51 ","pages":"Article 301818"},"PeriodicalIF":2.0000,"publicationDate":"2024-08-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Forensic Science International-Digital Investigation","FirstCategoryId":"3","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2666281724001422","RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
Video conferencing applications have become ubiquitous in the post-COVID-19 era. Remote meetings, briefing sessions, and lectures are gradually becoming part of our culture. Thus, the amount of user data that video conferencing applications collect and manage has increased, and such data can be used as digital evidence. In this study, we analyzed Tencent Meeting, the most widely used video conferencing application in China, to identify the data stored on the user's disk by the application. Tencent Meeting stores user information and the chat history during a video conference on local storage. We found that Tencent Meeting suffers from a vulnerability in the process of encrypting and storing the user data, which can be exploited by anyone who can access and decrypt the user's data. We expect that our findings to help digital forensics investigators conduct efficient investigations when applications are used for malicious purposes.