Forensic Analysis and Autopsy Module for Extracting Digital Evidence from Zoom Online Video Conferencing Application.
Abstract
Due to the global COVID-19 pandemic, video conferencing has gained tremendous attention. Our lifeline to society suddenly rested on video communications, which allowed us to maintain a digital existence while working and attending school. Zoom, for example, has experienced a spike in users, topping 300 million daily participants. This increased use has led to abuse of the application by malicious actors, including Zoombombing and data theft.
Consequently, Zoom must be forensically examined. Our research focuses on reverse-engineering the Zoom application, specifically the encrypted database and the primary disk analysis. The main outcome of the project is an automated forensic analysis tool that extracts digital evidence from Zoom video conferencing. Associated with the project is an add-on module for Autopsy, one of the most popular open-source forensic programs.
Through forensic imaging of digital devices, users' critical information, such as chat messages, email addresses, and passwords, among other items, can be captured in plain text or in encrypted/encoded form. Notably, the private data of the target Zoom user, as well as that of their contacts, was leaked.