http://dx.doi.org/10.13089/JKIISC.2022.32.6.1113

Forensic Analysis of Element Instant Messenger Artifacts  

Cho, Jae-min (Korea University)
Byun, Hyeon-su (Seoul National University of Science And Technology)
Yun, Hui-seo (Seoul National University of Science And Technology)
Seo, Seung-hee (Seoul National University of Science And Technology)
Lee, Chang-hoon (Seoul National University of Science And Technology)
Abstract
Recently, investigations have become more difficult with the emergence of security-focused messengers that encrypt stored data to protect personal information and provide services such as end-to-end encryption. The number of crime cases using secure messengers is increasing accordingly, so research on decrypting secure messenger data is needed. The Element secure messenger provides end-to-end encryption so that only conversation participants can view the conversation history, but research on decrypting it is insufficient. Therefore, in this paper, we analyze the instant messenger Element, which provides end-to-end encryption, and propose a method for verifying the history of encrypted secure chat rooms in plaintext, without the user's password, using decryption keys stored in the Windows Credential Manager service. In addition, we summarize the results of analyzing significant general and secure-chat-related artifacts from a digital forensics investigation perspective.
Keywords
messenger; forensics; end-to-end encryption; Element
Times Cited By KSCI: 1