Forensic investigations of Google Meet and Microsoft Teams

 

Forensic investigations of Google Meet and Microsoft Teams – two popular conferencing tools in the Pandemic

Authors	Azhar, H., Timms, J. and Tilley, B.
Abstract	The Covid-19 pandemic has created unprecedented challenges in the technology age. Previous infrequently used applications were pushed into the spotlight and had to be considered reliable by their users. Applications had to evolve to accommodate the shift in normality to an online world quickly, predominantly for businesses and educational purposes. Video conferencing tools like Zoom, Google Hangouts, Microsoft Teams, and WebEx Meetings can make communication easy, but ease of online communications could also make information easier for cybercriminals to access and to use these tools for malicious purposes. Forensic evaluation of these programs is important, as being able to easily collect evidences against the threat actors will aid investigations considerably. This paper reports how artefacts from two popular video conferencing tools, Microsoft Teams and Google Meet, could be collected and analysed in forensically sound manners. Industry standard cyber forensics tools have been reported to extract artefacts from range of sources, such as memory, network, browsers and registry. The results are intended to verify security and trustworthiness of both applications as an online conferencing tool.
Keywords	Google Meet ; MS Teams ; Digital forensics; Memory forensics; Video conferencing
Page range	20-34
Year	2022
Book title	Digital Forensics and Cyber Crime
Publisher	Springer Nature
Output status	Published
ISBN	978-3-031-06365-7
Publication process dates
Deposited	10 Jun 2022
Digital Object Identifier (DOI)	https://doi.org/10.1007/978-3-031-06365-7_2
Official URL	https://link.springer.com/chapter/10.1007/978-3-031-06365-7_2

Permalink -

https://repository.canterbury.ac.uk/item/9139z/forensic-investigations-of-google-meet-and-microsoft-teams-two-popular-conferencing-tools-in-the-pandemic

References

1. Statista: Growth in downloads of select video conferencing apps as of March 2020 vs. weekly average for Q4 2019, by country (2021). https://www.statista.com/statistics/1109875/download-growth-video-conferencing-apps/. Accessed 02 September 2021

2. Office for National Statistics: Coronavirus and homeschooling in Great Britain: April to June 2020 (2020). https://www.ons.gov.uk/peoplepopulationandcommunity/educationandchildcare/articles/coronavirusandhomeschoolingingreatbritain/apriltojune2020. Accessed 02 September 2021

3. Wiltshire Police: Incidents of ‘zoom-bombing’ reported in Wiltshire - Wiltshire Police (2020). https://www.wiltshire.police.uk/article/6136/Incidents-of-zoom-bombing-reported-in-Wiltshire. Accessed 02 September 2021

4. BBC News: ‘Zoombombing’ targeted with new version of app’ (2020). https://www.bbc.com/news/business-52392084. Accessed 02 September 2021

5. Sky News: Coronavirus: FBI investigating after pornography used to ‘Zoombomb’ video conferences (2020). https://news.sky.com/story/coronavirus-fbi-investigating-after-pornography-used-to-zoombomb-video-conferences-11966712. Accessed 02 September 2021

6. Hawthorn, N.: McAfee Blogs -Top 10 Microsoft Teams Security Threats (2020). https://www.mcafee.com/blogs/enterprise/cloud-security/microsoft-teams-top-ten-security-threats/. Accessed 02 September 2021

7. John, A.S.: It’s Not Just Zoom. Google Meet, Microsoft Teams, and Webex Have Privacy Issues, Too (2020). https://www.hawaii.edu/its/wp-content/uploads/sites/2/2020/05/Google-Meet-Microsoft-Teams-Webex-Privacy-Issues-Consumer-Reports.pdf. Accessed 02 September 2021

8. Mahr, A., Cichon, M., Mateo, S., Grajeda, C., Baggili, I.: Zooming into the pandemic! A forensic analysis of the Zoom Application. Foren. Sci. Int. Dig. Invest. 36, 301107 (2021). https://doi.org/10.1016/j.fsidi.2021.301107

9. CVE - Request CVE IDs (2021). https://cve.mitre.org/cve/request_id.html#cna. Accessed 02 September 2021

10. CVE-2017–6517: Vulnerability Details: CVE-2017–6517 (2019). https://www.cvedetails.com/cve/CVE-2017-6517/. Accessed 02 September 2021

11. Idowu, S., Dominic, D., Okolie, S.O., Goga, N.: Security vulnerabilities of skype application artifacts: a digital forensic approach. Int. J. Appl. Inf. Syst. 12 (2019). https://doi.org/10.5120/ijais2019451784

12. StatCounter GlobalStats: Mobile Operating System Market Share Worldwide (2021). https://gs.statcounter.com/os-market-share/mobile/worldwide. Accessed 02 September 2021

10 most read posts on the blog May 2022

 

Driver Drowsiness Detection Using Gray Wolf Optimizer Based on Face and Eye Tracking

  Driver Drowsiness Detection Using Gray Wolf Optimizer Based on Face and Eye Tracking Sarah S. Jasim Department of IT, Technical College of...

Young coder's Comp in Hello World Magazine

  The young coder's competition ( https://codingcompetition.org/ ) has been running for a number of years, aimed at students in Years 5-...

Deep learning approach for real-time video streaming traffic classification

  Title Deep learning approach for real-time video streaming traffic classification Authors Turner, S. , Al Jameel, M., Kanakis, T., Al-Sher...

Winners of the Young coders Competition 2021

The Young Coder's competition goes from strength to strength with the number of entries increased by 1200%! The competition aim is to h...

Dr Scott Turner: Problem-solving and Programming publications

  Turner, S. J. (2018) Games in teaching programming: HE perspective. Invited Presentation presented to: Gaming in Education, Milton Keynes,...

Young Coder's Competition 2021 and beyond

  In the news today there have been a number of articles e.g. UK 'heading towards digital skills shortage disaster')  https://www.bb...

Developing conversational agents for use in criminal investigations

 Developing conversational agents for use in criminal investigations SAM HEPENSTAL, Defence Science Technology Laboratory, UK  LEISHI ZHANG,...