Authors: Megan Davis (Virginia Commonwealth University), Bridget McInnes (Virginia Commonwealth University), and Irfan Ahmed (Virginia Commonwealth University)
DFRWS USA 2022
Instant messaging applications have gained considerable market share over the past decade and have become some of the most used applications worldwide. However, due to their low barrier to entry and ease of use, these applications (apps) have also garnered the attention of criminals wanting to use them to facilitate criminal activities. The memory forensic examination of Discord and Slack, two popular instant messaging apps, on the Linux operating system (specifically, Ubuntu 20.04.3 LTS) has gone largely unexplored. In this paper, we examined both apps and found data remnants of users’ activities that are of forensic interest. We detected a variety of information, including Slack-specific data, Discord-specific data, usernames, emails, passwords, messages, conversations, and uploaded attachments, all of which could be utilized in a forensic investigation.