Forensic investigation of Cisco WebEx desktop client, web, and Android smartphone applications
Source of Publication
Annales des Telecommunications/Annals of Telecommunications
Digital forensic analysis of videoconferencing applications has received considerable attention recently, owing to the wider adoption and diffusion of such applications following the recent COVID-19 pandemic. In this contribution, we present a detailed forensic analysis of Cisco WebEx which is among the top three videoconferencing applications available today. More precisely, we present the results of the forensic investigation of Cisco WebEx desktop client, web, and Android smartphone applications. We focus on three digital forensic areas, namely memory, disk space, and network forensics. From the extracted artifacts, it is evident that valuable user data can be retrieved from different data localities. These include user credentials, emails, user IDs, profile photos, chat messages, shared media, meeting information including meeting passwords, contacts, Advanced Encryption Standard (AES) keys, keyword searches, timestamps, and call logs. We develop a memory parsing tool for Cisco WebEx based on the extracted artifacts. Additionally, we identify anti-forensic artifacts such as deleted chat messages. Although network communications are encrypted, we successfully retrieve useful artifacts such as IPs of server domains and host devices along with message/event timestamps.
Springer Science and Business Media LLC
Cisco WebEx, Disk-space forensics, Memory forensics, Network forensics, Videoconferencing, VoIP forensics
Khalid, Zainab; Iqbal, Farkhund; Kamoun, Faouzi; Khan, Liaqat Ali; and Shah, Babar, "Forensic investigation of Cisco WebEx desktop client, web, and Android smartphone applications" (2022). All Works. 5291.
Indexed in Scopus
Open Access Type
Bronze: This publication is openly available on the publisher’s website but without an open license