Abstract
Recently, the investigation has been difficult due to the emergence of messengers that encrypt and store data for the purpose of protecting personal information and provide services such as end-to-end encryption with a focus on security. Accordingly, the number of crime cases using security messengers is increasing, but research on data decoding for security messengers is needed. Element security messengers provide end-to-end encryption functions so that only conversation participants can check conversation history, but research on decoding them is insufficient. Therefore, in this paper, we analyze the instant messenger Element, which provides end-to-end encryption, and propose a plaintext verification of the history of encrypted secure chat rooms using decryption keys stored in the Windows Credential Manager service without user passwords. In addition, we summarize the results of analyzing significant general and secure chat-related artifacts from a digital forensics investigation perspective.
| Translated title of the contribution | Forensic Analysis of Element Instant Messenger Artifacts |
|---|---|
| Original language | Korean |
| Pages (from-to) | 1113-1120 |
| Number of pages | 8 |
| Journal | 정보보호학회논문지 |
| Volume | 32 |
| Issue number | 6 |
| DOIs | |
| State | Published - 2022 |