This article delves into the complexities of analyzing Zoom Team Chat artifacts within a digital forensic framework, highlighting the challenges posed by data encryption and the necessity for both local and server-side keys. The forensic analysis focuses on user activity tracking through various applications, culminating in the extraction of crucial communication data from Zoom Team Chat.
Affected: Zoom, Chrome, Discord
Key points:
- Analysis of a disk image revealed a ransomware infection.
- Windows Jump Lists were used to identify recently executed programs even though files were encrypted.
- User activity was traced through Google Chrome and Discord, leading to Zoom Team Chat analysis.
- Zoom stores data in encrypted databases, which complicates forensic investigations.
- Capture of encryption keys involved monitoring API calls and the use of forensic tools.
- Successful decryption allowed recovery of user communications and messages within Zoom Team Chat.