Title

Forensic investigation of Google Meet for memory and browser artifacts

Document Type

Article

Source of Publication

Forensic Science International: Digital Investigation

Publication Date

9-1-2022

Abstract

Web applications have experienced a widespread adaptation owing to the agile Service Oriented Architecture (SOA) reflecting the ever-changing software needs of users. Google Meet is one of the top video conferencing applications, especially in the post-COVID19 era. Security and privacy concerns are therefore critical. This paper presents an extensive digital forensic analysis of Google Meet running on multiple browsers and software platforms including Google Chrome, Mozilla Firefox, and Microsoft Edge browsers in Windows 10 and Linux. Artifacts, traces of potential evidence, are extracted from different locations on a client's desktop, including the memory and browser. These include meeting records, communication records, email addresses, profile pictures, history, downloads, bookmarks, cache, cookies, etc. We explore how different Random Access Memory (RAM) sizes of client devices impact the persistence and format of extracted memory artifacts. A memory artifact extraction tool is developed to automate the extraction of artifacts identified via unstructured string analysis. Google Meet forensic artifacts are critical in that they are potential digital evidence in relevant criminal investigations. Additionally, they highlight that user data can be extracted despite implementing multiple privacy and security mechanisms.

ISSN

2666-2817

Publisher

Elsevier BV

Volume

43

First Page

301448

Last Page

301448

Disciplines

Computer Sciences

Keywords

Browser forensics, Google Meet, Memory forensics, Video conferencing

Indexed in Scopus

no

Open Access

yes

Open Access Type

Hybrid: This publication is openly available in a subscription-based journal/series

This document is currently not available here.

Share

COinS