Table 1.
Tools used for forensic analysis
| Tool/device | Software version | Usage |
|---|---|---|
| Windows 10 virtual machine (VM) | 10 | Test environment |
| Samsung Galaxy Grand Prime+ | Marshmallow 6.0.1 | Test device |
| Cisco WebEx desktop application | 41.3.0.18191 | Videoconferencing application to test for forensic artifacts |
| Cisco WebEx web application | 42.1.1.1286 | Videoconferencing web application to test for forensic artifacts |
| WebEx meetings smartphone application | 42.2.0.242020258 | Videoconferencing application to test for forensic artifacts |
| AccessData FTK Imager | 4.5.0.3 | Creation and analysis of forensic images |
| Volatility | 2.6 | Analysis of memory dumps |
| Autopsy | 4.19.1 | Analysis of forensic images |
| Andriller CE | 3.6.1 | Logical acquisition (and report generation) for Android smartphone |
| Strings | 2.53 | Manual string searching |
| Bulk Extractor | 1.6.0 | Analysis of image dumps |
| PhotoRec | 7.2 | Carve .jpeg images |
| DB Browser for SQLite | 3.12.1 | Browse application databases in client application folder |
| Regedit | 6.1.7600.16385 | View Windows Registry |
| PECmd, Eric Zimmerman | 1.5.0.0 | Parse prefetch files |
| SuperSU | 2.82 | Android rooting software |
| Wireshark | 3.4.3 | Capture/analyze network traffic |
| NetworkMiner | 2.6 | Analyze network traffic |
| ChromeCacheView | 2.27 | View WebEx cache |
| ChromeCookiesView | 1.66 | View WebEx cookies |
| DCode | 5.5.21194.40 | Timestamp decoding |
| Android Debug Bridge (ADB) | 1.0.41 | Acquisition for ADB backup |