Abstract
Videoconferencing applications have seen a jump in their userbase owing to the COVID-19 pandemic. The security of these applications has certainly been a hot topic since millions of VoIP users’ data is involved. However, research pertaining to VoIP forensics is still limited to Skype and Zoom. This paper presents a detailed forensic analysis of Microsoft Teams, one of the top 3 videoconferencing applications, in the areas of memory, disk-space and network forensics. Extracted artifacts include critical user data, such as emails, user account information, profile photos, exchanged (including deleted) messages, exchanged text/media files, timestamps and Advanced Encryption Standard encryption keys. The encrypted network traffic is investigated to reconstruct client-server connections involved in a Microsoft Teams meeting with IP addresses, timestamps and digital certificates. The conducted analysis demonstrates that, with strong security mechanisms in place, user data can still be extracted from a client’s desktop. The artifacts also serve as digital evidence in the court of Law, in addition to providing forensic analysts a reference for cases involving Microsoft Teams.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
20 Astonishing Video Conferencing Statistics for 2021. Digital in the Round, 10 May 2021. digitalintheround.com/video-conferencing-statistics/
Best Video Conferencing Software in 2020 | G2. G2. https://www.g2.com/categories/video-conferencing
Lorenz, T.: ‘Zoombombing’: When Video Conferences Go Wrong. The New York Times, 20 March 2020
Andrew Lewis, J.: Video Conferencing Technology and Risk. www.csis.org, 03 December 2020. https://www.csis.org/analysis/video-conferencing-technology-and-risk
Zorz, Z.: Cisco WebEx vulnerabilities may enable attackers to covertly join meetings. Help Net Security, 19 November 2020. https://www.helpnetsecurity.com/2020/11/19/cisco-webex-vulnerabilities-attackers-covertly-join-meetings/
Gode, S.: Video Conferencing Security Issues and Opportunities. Unify Square. https://www.unifysquare.com/blog/video-conferencing-security-issues-and-opportunities/
Warren, T.: Microsoft Teams usage jumps to 145 million daily active users. The Verge, 27 April 2021. https://www.theverge.com/2021/4/27/22406472/microsoft-teams-145-million-daily-active-users-stats
Security guide for Microsoft Teams - Microsoft Teams. docs.microsoft.com. https://docs.microsoft.com/en-us/microsoftteams/teams-security-guide#encryption-for-teams
Sgaras, C., Kechadi, M.-T., Le-Khac, N.-A.: Forensics Acquisition and Analysis of instant messaging and VoIP applications. In: Computational Forensics, pp. 188–199 (2015)
Yang, T.Y., Dehghantanha, A., Choo, K.R., Muda, Z.: Windows instant messaging app forensics: Facebook and Skype as case studies. PLOS ONE 11(3), e0150300 (2016). https://doi.org/10.1371/journal.pone.0150300
Tandel, H., Rughani, P.H.: Forensic analysis of asterisk-FreePBX based VoIP server. Int. J. Emerg. Res. Manage. Technol. 6, 2278–9359 (2018). https://doi.org/10.23956/ijermt.v6i8.133
Dargahi, T., Dehghantanha, A., Conti, M.: Forensics analysis of android mobile VoIP Apps. In: Contemporary Digital Forensic Investigations of Cloud and Mobile Applications, pp. 7–20 (2017). https://doi.org/10.1016/b978-0-12-805303-4.00002-2
Sha, M.M., Manesh,T., Abd El-atty, S.M.: VoIP forensic analyzer. Int. J. Adv. Comput. Sci. Appl. 7(1) (2016). https://doi.org/10.14569/ijacsa.2016.070116
Nicoletti, M., Bernaschi, M.: Forensic analysis of Microsoft Skype for Business. Digit. Investig. 29, 159–179 (2019). https://doi.org/10.1016/j.diin.2019.03.012
Mahr, A., Cichon, M., Mateo, S., Grajeda, C., Baggili, I.: Zooming into the pandemic! A forensic analysis of the Zoom Application. Forensic Sci. Int. Digit. Investig. 36, 301107 (2021). https://doi.org/10.1016/j.fsidi.2021.301107
Alisabeth, C., Restu Pramadi, Y.: Forensic analysis of instagram on android. IOP Conf. Ser. Mater. Sci. Eng. 1007, 012116 (2020). https://doi.org/10.1088/1757-899x/1007/1/012116
Awan, F.A.: Forensic examination of social networking applications on smartphones. In: 2015 Conference on Information Assurance and Cyber Security (CIACS), pp. 36–43 (2015). https://doi.org/10.1109/CIACS.2015.7395564
Zhang, H., Chen, L., Liu, Q.: Digital forensic analysis of instant messaging applications on android smartphones. In: 2018 International Conference on Computing, Networking and Communications (ICNC), pp. 647–651 (2018). https://doi.org/10.1109/ICCNC.2018.8390330
Acknowledgment
This study is supported with research funds from Research Incentive Funds (R19044) and Provost Research Fellowship Award (R20093), Zayed University, United Arab Emirates.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Khalid, Z., Iqbal, F., Al-Hussaeni, K., MacDermott, A., Hussain, M. (2022). Forensic Analysis of Microsoft Teams: Investigating Memory, Disk and Network. In: Paiva, S., et al. Science and Technologies for Smart Cities. SmartCity 360 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 442. Springer, Cham. https://doi.org/10.1007/978-3-031-06371-8_37
Download citation
DOI: https://doi.org/10.1007/978-3-031-06371-8_37
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-06370-1
Online ISBN: 978-3-031-06371-8
eBook Packages: Computer ScienceComputer Science (R0)