{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,12]],"date-time":"2026-02-12T16:49:11Z","timestamp":1770914951063,"version":"3.50.1"},"reference-count":24,"publisher":"Springer Science and Business Media LLC","issue":"3-4","license":[{"start":{"date-parts":[[2022,8,12]],"date-time":"2022-08-12T00:00:00Z","timestamp":1660262400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,8,12]],"date-time":"2022-08-12T00:00:00Z","timestamp":1660262400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Ann. Telecommun."],"published-print":{"date-parts":[[2023,4]]},"DOI":"10.1007\/s12243-022-00919-6","type":"journal-article","created":{"date-parts":[[2022,8,12]],"date-time":"2022-08-12T04:02:54Z","timestamp":1660276974000},"page":"183-208","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Forensic investigation of Cisco WebEx desktop client, web, and Android smartphone applications"],"prefix":"10.1007","volume":"78","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1810-0224","authenticated-orcid":false,"given":"Zainab","family":"Khalid","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Farkhund","family":"Iqbal","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Faouzi","family":"Kamoun","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Liaqat Ali","family":"Khan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Babar","family":"Shah","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,8,12]]},"reference":[{"key":"919_CR1","unstructured":"Fortune Business Insights. (2021, June). Video conferencing market size, share, trends and growth. www.fortunebusinessinsights.com. Retrieved from https:\/\/www.fortunebusinessinsights.com\/industry-reports\/video-conferencing-market-100293"},{"key":"919_CR2","unstructured":"Lorenz, T. (2020, March 20). \u2018Zoombombing\u2019: when video conferences go wrong. The New York Times. Retrieved from https:\/\/www.nytimes.com\/2020\/03\/20\/style\/zoombombing-zoom-trolling.html"},{"key":"919_CR3","unstructured":"Hussain, R. (2020, April 12). Experts warn against vulnerabilities of apps, videoconferencing platforms. Arab News. Retrieved from https:\/\/www.arabnews.com\/node\/1657286\/saudi-arabia"},{"key":"919_CR4","doi-asserted-by":"publisher","unstructured":"Khalid, Z., Iqbal, F., Kamoun, F., Hussain, M., & Khan, L. A. (2021). Forensic analysis of the Cisco WebEx application. 2021 5th Cyber Security in Networking Conference (CSNet), pp. 90-97.\u00a0https:\/\/doi.org\/10.1109\/CSNet52717.2021.9614647","DOI":"10.1109\/CSNet52717.2021.9614647"},{"key":"919_CR5","unstructured":"ENISA. (2012, April 2). Procure Secure: a guide to monitoring of security service levels in cloud contracts\u2014ENISA. Europe: European Union Agency for Network and Information Security (ENISA). Retrieved from https:\/\/www.enisa.europa.eu\/activities\/Resilience-and-CIIP\/cloud-computing\/procure-secure-a-guide-tomonitoring-of-security-service-levels-in-cloud-contracts"},{"key":"919_CR6","unstructured":"Brockschmidt, K. (2014, July 15). Programming Windows Store Apps with HTML, CSS, and JavaScript. Microsoft Press Store by Pearson. Retrieved from https:\/\/www.microsoftpressstore.com\/store\/programming-windows-store-apps-with-html-css-and-javascript-9780735695665"},{"issue":"3","key":"919_CR7","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0150300","volume":"11","author":"TY Yang","year":"2016","unstructured":"Yang TY, Dehghantanha A, Choo KR, Muda Z (2016) Windows instant messaging app forensics: Facebook and Skype as case studies. PLOS ONE 11(3):e0150300. https:\/\/doi.org\/10.1371\/journal.pone.0150300","journal-title":"PLOS ONE"},{"key":"919_CR8","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1016\/j.diin.2019.03.012","volume":"29","author":"M Nicoletti","year":"2019","unstructured":"Nicoletti M, Bernaschi M (2019) Forensic analysis of Microsoft Skype for business. Digital Investigation 29:159\u2013179. https:\/\/doi.org\/10.1016\/j.diin.2019.03.012","journal-title":"Digital Investigation"},{"key":"919_CR9","doi-asserted-by":"publisher","unstructured":"Mahr A, Cichon M, Mateo S, Grajeda C, Baggili I (2021) Zooming into the pandemic! A forensic analysis of the Zoom application. Forensic Science International. Digital Investigation 36. https:\/\/doi.org\/10.1016\/j.fsidi.2021.301107","DOI":"10.1016\/j.fsidi.2021.301107"},{"key":"919_CR10","unstructured":"Nicoletti, M., & Bernaschi, M. (2021, September 08). Forensics for Microsoft Teams. Retrieved December 03, 2021, from https:\/\/arxiv.org\/pdf\/2109.06097"},{"key":"919_CR11","doi-asserted-by":"publisher","unstructured":"Herschel, R. B. (2021). A forensic analysis of Microsoft Teams. Purdue University Graduate School. Thesis. https:\/\/doi.org\/10.25394\/PGS.15091329.v1","DOI":"10.25394\/PGS.15091329.v1"},{"key":"919_CR12","unstructured":"Bilz, A. (2021, September 9). A forensic gold mine III: forensic analysis of the Microsoft Teams desktop client. https:\/\/www.alexbilz.com\/post\/2021-09-09-forensic-artifacts-microsoft-teams\/"},{"issue":"3","key":"919_CR13","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1016\/j.diin.2014.04.003","volume":"11","author":"C Anglano","year":"2014","unstructured":"Anglano C (2014) Forensic analysis of WhatsApp Messenger on android smartphones. Digital Investigation 11(3):201\u2013213. https:\/\/doi.org\/10.1016\/j.diin.2014.04.003","journal-title":"Digital Investigation"},{"key":"919_CR14","doi-asserted-by":"publisher","unstructured":"Sgaras C, Kechadi M-T, Le-Khac N-A (2015) Forensics acquisition and analysis of instant messaging and VoIP applications. Computational Forensics:188\u2013199. https:\/\/doi.org\/10.1007\/978-3-319-20125-2_16","DOI":"10.1007\/978-3-319-20125-2_16"},{"key":"919_CR15","doi-asserted-by":"publisher","first-page":"166","DOI":"10.23956\/ijermt.v6i8.133","volume":"6","author":"H Tandel","year":"2018","unstructured":"Tandel H, Rughani PH (2018) Forensic analysis of Asterisk-FreePBX based VoIP server. International Journal of Emerging Research in Management & Technology 6:166\u2013171. https:\/\/doi.org\/10.23956\/ijermt.v6i8.133","journal-title":"International Journal of Emerging Research in Management & Technology"},{"key":"919_CR16","doi-asserted-by":"publisher","unstructured":"Dargahi, T., Dehghantanha, A., & Conti, M. (2017). Forensics analysis of android mobile VoIP apps. Contemporary Digital Forensic Investigations of Cloud and Mobile Applications,pp. 7\u201320.\u00a0https:\/\/doi.org\/10.1016\/b978-0-12-805303-4.00002-2","DOI":"10.1016\/b978-0-12-805303-4.00002-2"},{"key":"919_CR17","doi-asserted-by":"publisher","unstructured":"Sha MM, T M, Abd El-atty SM (2016) VoIP forensic analyzer. International Journal of Advanced Computer Science and Applications 7. https:\/\/doi.org\/10.14569\/ijacsa.2016.070116","DOI":"10.14569\/ijacsa.2016.070116"},{"key":"919_CR18","doi-asserted-by":"publisher","unstructured":"Simon, M., & Slay, J. (2010). Recovery of Skype application activity data from physical memory. 2010 International Conference on Availability, Reliability and Security, pp. 283-288.\u00a0https:\/\/doi.org\/10.1109\/ARES.2010.73","DOI":"10.1109\/ARES.2010.73"},{"key":"919_CR19","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1016\/j.diin.2016.12.004","volume":"20","author":"A Case","year":"2017","unstructured":"Case A, Richard GG (2017) Memory forensics: the path forward. Digital Investigation 20:23\u201333. https:\/\/doi.org\/10.1016\/j.diin.2016.12.004","journal-title":"Digital Investigation"},{"key":"919_CR20","unstructured":"Khalid, Z. (2021, December 27). ciscowebexmemory. GitHub. https:\/\/github.com\/znbkhld\/ciscowebexmemory"},{"key":"919_CR21","doi-asserted-by":"publisher","DOI":"10.1002\/9781119329190","volume-title":"Network Forensics","author":"R Messier","year":"2017","unstructured":"Messier R (2017) Network Forensics. Wiley, Indianapolis"},{"key":"919_CR22","unstructured":"Caithness, A. (2020, September 23). Hang on! That\u2019s not SQLite! Chrome, Electron and LevelDB. cclsolutionsgroup.com. Retrieved December 19, 2021, from https:\/\/www.cclsolutionsgroup.com\/\/post\/hang-on-thats-not-sqlite-chrome-electron-and-leveldb"},{"key":"919_CR23","doi-asserted-by":"publisher","unstructured":"Glisson, W. B., Storer, T., Blyth, A., Grispos, G & Campbell, M. (2016). In-the-wild residual data research and privacy. Journal of Digital Forensics, Security and Law, 11 (1), pp. 77-97. https:\/\/doi.org\/10.15394\/jdfsl.2016.1371","DOI":"10.15394\/jdfsl.2016.1371"},{"key":"919_CR24","unstructured":"Cisco Webex Meetings: Privacy Data Sheet. https:\/\/trustportal.cisco.com\/c\/dam\/r\/ctp\/docs\/privacydatasheet\/collaboration\/cisco-webex-meetings-privacy-data-sheet.pdf"}],"container-title":["Annals of Telecommunications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12243-022-00919-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s12243-022-00919-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12243-022-00919-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,9]],"date-time":"2025-04-09T13:15:46Z","timestamp":1744204546000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s12243-022-00919-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,8,12]]},"references-count":24,"journal-issue":{"issue":"3-4","published-print":{"date-parts":[[2023,4]]}},"alternative-id":["919"],"URL":"https:\/\/doi.org\/10.1007\/s12243-022-00919-6","relation":{},"ISSN":["0003-4347","1958-9395"],"issn-type":[{"value":"0003-4347","type":"print"},{"value":"1958-9395","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,8,12]]},"assertion":[{"value":"13 January 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"8 July 2022","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 August 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Forensic research needs to consider the potential ethical and legal considerations associated with privacy, intellectual property, responsible disclosure, secondary uses of personal information, terms of use, informed consent, and use of human participants among others []. We have taken the necessary steps for addressing or mitigating these common concerns as explained below. The inherent nature of this forensic study is not to expose flaws, hackable security vulnerabilities, or zero-day exploits whose exploitation might lead to incidents but rather to guide forensic investigators unearth readily accessible digital data that some users may want to hide as evidence of legal wrongdoing. Recall that every user interaction with the WebEx application leaves behind some residual forensic evidence which originates from personal data that the app requires to properly operate as per the WebEx privacy terms and conditions []. Hence, in our case, ethical and legal issues pertaining to responsible disclosure of vulnerabilities did not apply, as we did not divulge any vulnerability that might jeopardize the availability, integrity, or confidentiality of Cisco WebEx data and system files.All our forensic experiments were conducted in a controlled laboratory setting by one of the co-authors who, as the owner of the testing device, provided explicit permission and consent for the residual forensic data (including personal identifying information) to be included in this study. Accordingly, privacy concerns associated with the practice of involving human participants in the research were addressed.The usage of the three WebEx videoconferencing applications, as reported in this study, was conducted in full compliance with Cisco WebEx license terms and conditions. In particular, we did not perform any form of code inspection, decryption, alteration, or reverse engineering on the WebEx software. The forensic artifacts collected from our study belong to the categories of personal data that is required to use the WebEx Service as per Cisco WebEx privacy data sheet [].","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval and consent to participate"}},{"value":"The authors declare no competing interests.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}