LAUSR.org creates dashboard-style pages of related content for over 1.5 million academic articles. Sign Up to like articles & get recommendations!

Microsoft Teams desktop application forensic investigations utilizing IndexedDB storage

Photo by dmitrynovikoff from unsplash

While the COVID‐19 virus remolded the routines of the establishments, remote collaboration and distant communication gained more popularity. As the way electronic communications are handled changes drastically, new applications and… Click to show full abstract

While the COVID‐19 virus remolded the routines of the establishments, remote collaboration and distant communication gained more popularity. As the way electronic communications are handled changes drastically, new applications and storage mechanisms are introduced. Microsoft Teams is an application offered within the scope of Microsoft Office 365 that offers services for hosting virtual meetings, team communication, and comprehensive team resource management. It is prevalently used by organizations and indicates a great potential to be a source of digital forensic investigations. This paper scrutinizes the artifacts created by Microsoft Teams in IndexedDB persistent storage. IndexedDB is a fast‐growing client‐side storage technology that is relatively new as a source for digital forensic investigations. A single‐case pretest–posttest quasi experiment was conducted to produce artifacts in Microsoft Teams IndexedDB storage. The artifacts were extracted without user credentials indicating security flaws in the application. Extracted artifacts were processed based on signature patterns and evaluated for their significance. Traditional database queries were utilized to link and present the information clustered according to their relevancy. A time‐frame analysis was constructed to display information in a suitable format for investigators. The results indicate that Microsoft Teams IndexedDB storage artifacts contain significant potential for digital investigations with extraction of complete contents of private chat messages, voice mails, and team extensions with efficient time‐frame analysis.

Keywords: application; microsoft teams; teams indexeddb; forensic investigations; storage; indexeddb storage

Journal Title: Journal of Forensic Sciences
Year Published: 2022

Link to full text (if available)


Share on Social Media:                               Sign Up to like & get
recommendations!

Related content

More Information              News              Social Media              Video              Recommended



                Click one of the above tabs to view related content.