Forensic investigation of Cisco WebEx desktop client, web, and Android smartphone applications

Document Type

Article

Source of Publication

Annales des Telecommunications/Annals of Telecommunications

Publication Date

1-1-2022

Abstract

Digital forensic analysis of videoconferencing applications has received considerable attention recently, owing to the wider adoption and diffusion of such applications following the recent COVID-19 pandemic. In this contribution, we present a detailed forensic analysis of Cisco WebEx which is among the top three videoconferencing applications available today. More precisely, we present the results of the forensic investigation of Cisco WebEx desktop client, web, and Android smartphone applications. We focus on three digital forensic areas, namely memory, disk space, and network forensics. From the extracted artifacts, it is evident that valuable user data can be retrieved from different data localities. These include user credentials, emails, user IDs, profile photos, chat messages, shared media, meeting information including meeting passwords, contacts, Advanced Encryption Standard (AES) keys, keyword searches, timestamps, and call logs. We develop a memory parsing tool for Cisco WebEx based on the extracted artifacts. Additionally, we identify anti-forensic artifacts such as deleted chat messages. Although network communications are encrypted, we successfully retrieve useful artifacts such as IPs of server domains and host devices along with message/event timestamps.

ISSN

0003-4347

Publisher

Springer Science and Business Media LLC

Disciplines

Computer Sciences

Keywords

Cisco WebEx, Disk-space forensics, Memory forensics, Network forensics, Videoconferencing, VoIP forensics

Scopus ID

85135801307

Indexed in Scopus

yes

Open Access

yes

Open Access Type

Bronze: This publication is openly available on the publisher’s website but without an open license

Link to Full Text

Share

COinS