Forensic analysis for multi-platform Cisco Webex

IF 2 4区 医学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Forensic Science International-Digital Investigation Pub Date : 2023-11-01 DOI:10.1016/j.fsidi.2023.301659
Uk Hur , Giyoon Kim , Soojin Kang , Jongsung Kim
{"title":"Forensic analysis for multi-platform Cisco Webex","authors":"Uk Hur ,&nbsp;Giyoon Kim ,&nbsp;Soojin Kang ,&nbsp;Jongsung Kim","doi":"10.1016/j.fsidi.2023.301659","DOIUrl":null,"url":null,"abstract":"<div><p><span>As contactless work has become more popular, the use of video conferencing and collaboration applications has increased. These applications provide versions for each platform in order to enable communications using various OS and devices. In order to provide a continuous workflow when switching between devices, data is stored on the cloud and then synchronized. Therefore, methods for extracting and analyzing data from various platforms and collecting data stored in the cloud must be preceded for digital forensic investigation<span>. We present the data analysis results of Cisco's Webex, a popular video conferencing and collaboration application, in Windows, macOS, iOS, and Android environments. Webex uses the data protection API provided by each OS to encrypt user data. We propose a method to unprotect data protected by the data protection API as well as a method to decrypt encrypted Webex user data. The decrypted data contained most of the user's data, and we analyze it to propose a method to recover deleted messages. We also propose a method to acquire cloud data by utilizing the decrypted data to migrate credential data stored on a device. The proposed method decrypts </span></span>encrypted data on any platform and allows login via credentials.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":null,"pages":null},"PeriodicalIF":2.0000,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Forensic Science International-Digital Investigation","FirstCategoryId":"3","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2666281723001786","RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

As contactless work has become more popular, the use of video conferencing and collaboration applications has increased. These applications provide versions for each platform in order to enable communications using various OS and devices. In order to provide a continuous workflow when switching between devices, data is stored on the cloud and then synchronized. Therefore, methods for extracting and analyzing data from various platforms and collecting data stored in the cloud must be preceded for digital forensic investigation. We present the data analysis results of Cisco's Webex, a popular video conferencing and collaboration application, in Windows, macOS, iOS, and Android environments. Webex uses the data protection API provided by each OS to encrypt user data. We propose a method to unprotect data protected by the data protection API as well as a method to decrypt encrypted Webex user data. The decrypted data contained most of the user's data, and we analyze it to propose a method to recover deleted messages. We also propose a method to acquire cloud data by utilizing the decrypted data to migrate credential data stored on a device. The proposed method decrypts encrypted data on any platform and allows login via credentials.

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
多平台思科Webex的取证分析
随着非接触式工作越来越流行,视频会议和协作应用的使用也越来越多。这些应用程序为每个平台提供版本,以便使用各种操作系统和设备进行通信。为了在设备之间切换时提供连续的工作流程,数据存储在云中,然后进行同步。因此,数字取证调查必须先从各个平台提取和分析数据,并收集存储在云中的数据。我们展示了思科的Webex的数据分析结果,Webex是一个流行的视频会议和协作应用程序,在Windows, macOS, iOS和Android环境下。Webex使用各操作系统提供的数据保护API对用户数据进行加密。我们提出了一种解除数据保护API保护的数据保护的方法,以及一种解密加密的Webex用户数据的方法。解密后的数据包含了大部分用户的数据,通过对其进行分析,提出了一种恢复被删除信息的方法。我们还提出了一种通过利用解密数据迁移存储在设备上的凭据数据来获取云数据的方法。所提出的方法可以在任何平台上解密加密的数据,并允许通过凭证登录。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
CiteScore
5.90
自引率
15.00%
发文量
87
审稿时长
76 days
期刊最新文献
Commentary:- Can I use that tool? Temporal metadata analysis: A learning classifier system approach Uncertainty and error in location traces Competence in digital forensics “What you say in the lab, stays in the lab”: A reflexive thematic analysis of current challenges and future directions of digital forensic investigations in the UK
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1