A Study on Collection and Analysis of Collaboration Tool JANDI Artifacts in a Windows Environment

  • Dabin We (Hansung University) ;
  • Hangyeol Kim (Hansung University) ;
  • Myungseo Park (Hansung University)
  • Received : 2024.06.25
  • Accepted : 2024.09.10
  • Published : 2024.10.31

Abstract

As non-face-to-face work increased due to the COVID-19 pandemic, companies introduced collaboration tools so that work could be performed without spatial constraints. The collaboration tool market grew rapidly as a result and continues to show high utilization rates even after the transition to the endemic phase, driven by rising demand for hybrid work that combines face-to-face and non-face-to-face work. Collaboration tools increase work efficiency, facilitate smooth collaboration, and increase data integration, generating a variety of data in the process. At the same time, they increase the risk of exposing confidential corporate information, because internal users can access the tools from outside the organization. To address this, an analysis method is needed for collecting and acquiring data during digital investigations that target collaboration tools. In this paper, we identify the local artifacts of JANDI, a collaboration tool, in a Windows environment, and explain how to collect and analyze data through API reconstruction. Finally, we present ways to apply these results in digital forensics through a scenario and chat room reconstruction.
