![]() This study identifies relevant artifacts that can be forensically extracted from the registry of a window 10 device that accessed iDrive cloud storage. Therefore, there is a need to perform client-side forensics to be able to carry out forensic investigation on digital devices as related to the activities on cloud storage. The logs of malicious usages can be obtained from the cloud service providers for forensic investigations but the privacy issue among other factors make it difficult for such logs to be shared. These benefits can also be exploited by the cybercriminals to perform various criminal activities including storing and exchanging of illegal materials on cloud storage platforms. The accessibility of cloud storage over the internet as a result of cloud computing technology provides the opportunity to store, share and upload data online with the use of digital devices which can be accessed anytime and anywhere. To illustrate the value of our findings we publish a Python module for Autopsy that automatically locates, processes and visualises key TeamViewer artefacts for an Investigator. We also highlight a potential privacy concern due to inadequate uninstallation processes. ![]() This paper shows that with suitable evidence, an Investigator can identify which machines have performed remote control or been controlled, transferred files and have been remotely rebooted, among other events. As a market-leading solution for Windows, TeamViewer is an impactful starting point to demonstrate that such software is forensically-valuable to explore. Despite its importance and prevalence, forensic research into RDS is minimal. RDS complicates a Forensic Investigation as any person with remote access privileges or knowledge of bypassing them could be responsible for an action. ![]() With an unprecedented shift to remote working due to the COVID-19 Pandemic, more people are working on home devices without enterprise IT support and therefore reliant upon this software to collaborate and keep their systems available and secure. Operations are sent to the remote machine and executed as if performed by a local user. Remote Desktop Software (RDS) enables the controlling of a computer system without the need for physical access.
0 Comments
Leave a Reply. |