{"title":"Forensic analysis for multi-platform Cisco Webex","authors":"Uk Hur , Giyoon Kim , Soojin Kang , Jongsung Kim","doi":"10.1016/j.fsidi.2023.301659","DOIUrl":null,"url":null,"abstract":"<div><p><span>As contactless work has become more popular, the use of video conferencing and collaboration applications has increased. These applications provide versions for each platform in order to enable communications using various OS and devices. In order to provide a continuous workflow when switching between devices, data is stored on the cloud and then synchronized. Therefore, methods for extracting and analyzing data from various platforms and collecting data stored in the cloud must be preceded for digital forensic investigation<span>. We present the data analysis results of Cisco's Webex, a popular video conferencing and collaboration application, in Windows, macOS, iOS, and Android environments. Webex uses the data protection API provided by each OS to encrypt user data. We propose a method to unprotect data protected by the data protection API as well as a method to decrypt encrypted Webex user data. The decrypted data contained most of the user's data, and we analyze it to propose a method to recover deleted messages. We also propose a method to acquire cloud data by utilizing the decrypted data to migrate credential data stored on a device. 
The proposed method decrypts </span></span>encrypted data on any platform and allows login via credentials.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":null,"pages":null},"PeriodicalIF":2.0000,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Forensic Science International-Digital Investigation","FirstCategoryId":"3","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2666281723001786","RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citations: 0
Abstract
As contactless work has become more popular, the use of video conferencing and collaboration applications has increased. These applications provide versions for each platform to enable communication across various operating systems and devices. To provide a continuous workflow when switching between devices, data is stored in the cloud and then synchronized. A digital forensic investigation must therefore be preceded by methods for extracting and analyzing data from the various platforms and for collecting data stored in the cloud. We present the data analysis results of Cisco's Webex, a popular video conferencing and collaboration application, in Windows, macOS, iOS, and Android environments. Webex uses the data protection API provided by each OS to encrypt user data. We propose a method to unprotect data protected by the data protection API as well as a method to decrypt encrypted Webex user data. The decrypted data contained most of the user's data, and we analyze it to propose a method to recover deleted messages. We also propose a method to acquire cloud data by utilizing the decrypted data to migrate credential data stored on a device. The proposed method decrypts encrypted data on any platform and allows login via credentials.