Forensic Analysis of the Cisco WebEx Application

Document Type

Conference Proceeding

Source of Publication

2021 5th Cyber Security in Networking Conference (CSNet)

Publication Date

10-14-2021

Abstract

The COVID-19 pandemic has triggered a surge in the usage of videoconferencing applications around the globe. While this trend provided a convenient alternative to face-to-face meetings, it has also opened the door for new scenarios of malicious attacks. The security and privacy of the (vidéoconférence) participants' data has therefore become a major concern. Despite its importance, the forensic analysis of videoconferencing applications remains a relatively under researched area. This paper presents a detailed analysis of the Cisco WebEx videoconferencing application on a Windows OS in the areas of memory forensics, disk-space forensics and network forensics. From the extracted artifacts, it is evident that valuable user data can be retrieved from different sources. These include user emails, user IDs, profile photos, sent and deleted chat messages, shared media, meeting information including meeting passwords, Advanced Encryption Standard (AES) keys, keyword searches, timestamps, and log files. Although network communications are encrypted, some useful artifacts can be retrieved such as IPs of server domains and host devices along with message/event timestamps. Digital certificates of the videoconferencing communications are also retrieved.

ISBN

9781665407229

Publisher

Institute of Electrical and Electronics Engineers (IEEE)

Volume

00

Disciplines

Computer Sciences

Keywords

Teleconferencing, Pandemics, Forensics, Keyword search, Passwords, Media, Market research

Indexed in Scopus

no

Open Access

no

Share

COinS