Forensic analysis and data decryption of tencent meeting in windows environment

IF 2 4区 医学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Forensic Science International-Digital Investigation Pub Date : 2024-08-28 DOI:10.1016/j.fsidi.2024.301818
Soojin Kang , Uk Hur , Giyoon Kim , Jongsung Kim
{"title":"Forensic analysis and data decryption of tencent meeting in windows environment","authors":"Soojin Kang ,&nbsp;Uk Hur ,&nbsp;Giyoon Kim ,&nbsp;Jongsung Kim","doi":"10.1016/j.fsidi.2024.301818","DOIUrl":null,"url":null,"abstract":"<div><p>Video conferencing applications have become ubiquitous in the post-COVID-19 era. Remote meetings, briefing sessions, and lectures are gradually becoming part of our culture. Thus, the amount of user data that video conferencing applications collect and manage has increased, and such data can be used as digital evidence. In this study, we analyzed Tencent Meeting, the most widely used video conferencing application in China, to identify the data stored on the user's disk by the application. Tencent Meeting stores user information and the chat history during a video conference on local storage. We found that Tencent Meeting suffers from a vulnerability in the process of encrypting and storing the user data, which can be exploited by anyone who can access and decrypt the user's data. We expect that our findings to help digital forensics investigators conduct efficient investigations when applications are used for malicious purposes.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":"51 ","pages":"Article 301818"},"PeriodicalIF":2.0000,"publicationDate":"2024-08-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Forensic Science International-Digital Investigation","FirstCategoryId":"3","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2666281724001422","RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Video conferencing applications have become ubiquitous in the post-COVID-19 era. Remote meetings, briefing sessions, and lectures are gradually becoming part of our culture. Thus, the amount of user data that video conferencing applications collect and manage has increased, and such data can be used as digital evidence. In this study, we analyzed Tencent Meeting, the most widely used video conferencing application in China, to identify the data stored on the user's disk by the application. Tencent Meeting stores user information and the chat history during a video conference on local storage. We found that Tencent Meeting suffers from a vulnerability in the process of encrypting and storing the user data, which can be exploited by anyone who can access and decrypt the user's data. We expect that our findings to help digital forensics investigators conduct efficient investigations when applications are used for malicious purposes.

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Windows 环境下腾讯会议的取证分析和数据解密
在后 COVID-19 时代,视频会议应用已变得无处不在。远程会议、简报会和讲座逐渐成为我们文化的一部分。因此,视频会议应用程序收集和管理的用户数据量也随之增加,而这些数据可被用作数字证据。在本研究中,我们分析了中国使用最广泛的视频会议应用程序--腾讯会议,以确定该应用程序存储在用户磁盘中的数据。腾讯会议将用户信息和视频会议期间的聊天记录存储在本地存储中。我们发现,腾讯会议在加密和存储用户数据的过程中存在漏洞,任何人只要能够访问并解密用户数据,就可以利用这个漏洞。我们希望我们的发现能够帮助数字取证调查人员在应用程序被用于恶意目的时进行高效调查。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
CiteScore
5.90
自引率
15.00%
发文量
87
审稿时长
76 days
期刊最新文献
Commentary:- Can I use that tool? Temporal metadata analysis: A learning classifier system approach Uncertainty and error in location traces Competence in digital forensics “What you say in the lab, stays in the lab”: A reflexive thematic analysis of current challenges and future directions of digital forensic investigations in the UK
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1