http://dx.doi.org/10.13089/JKIISC.2021.31.3.353

On Artifact Analysis for User Behaviors in Collaboration Tools - Using differential forensics for distinct operating environments  

Kim, Young-hoon (Information Security LAB, GSI, Yonsei University)
Kwon, Tae-kyoung (Information Security LAB, GSI, Yonsei University)
Abstract
As the shift to the "untact" (non-face-to-face) era accelerates, collaboration tools are growing in use and value as digital technologies for non-face-to-face work. Instant messenger-based collaboration tools support a variety of functions, but concerns about crime and accidents, such as information leakage and security incidents, are increasing in proportion to their convenience. Meanwhile, collaboration tools have not been sufficiently studied from a digital forensics perspective, so forensic research is needed. This study analyzes significant artifacts in two operating environments through Windows and Android forensic research on Microsoft Teams, the collaboration tool with the highest share in the world. In addition, based on the differences in artifacts and data attributes between the operating environments, we applied 'differential forensics' and proved that the usefulness of evidence can be improved by presenting a complementary analysis method and a timeline constructed by linking information.
Keywords
Digital Forensics; Differential forensic; Collaboration Tool; Microsoft Teams;