These are primarily my course notes from Slacking on insider threat by Magnet Forensics. Thank you, guys, for sharing! I will put a quote paragraph with a 💡 at the beginning whenever I have some ideas or thoughts along the way.
Instant messaging with channels and file sharing. Also provides logs and eDiscovery.
Cloud-based; collection alone is not enough (the collected data is in a non-reviewable format); your plan matters; tons of functionality.
With certain settings, workspace users can override retention settings. It’s recommended to turn this feature off so that all logs are preserved.
Electron is a cross-platform framework for building applications. You’re creating a web application that can be used as a desktop one (implementing both backend and frontend). Backend: Node.js; frontend: Chrome. So a lot of artifacts can be shared with Chrome and buddies. It’s in wide use. For example, ⚠️ WhatsApp and Skype use it.
Tools 🛠: Belkasoft EC, SkypeLogView (NirSoft)
C:\Users\%Username%\AppData\Roaming\Skype.
Skype: Path: C:\Users\\*\AppData\Local\Packages\Microsoft.SkypeApp\_\*\Localstate\\*\main.db
Skype: Path: C:\Documents and Settings\\*\Application Data\Skype\\*\main.db
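The Skype main.db locations listed above can be swept for on a mounted image or triage copy with a short read-only script. This is an added example, not part of the course or of any Magnet Forensics tool. It matches the paths case-insensitively, hashes each hit and checks the SQLite header. The function names and the per-account sub-folder under Roaming\Skype are assumptions.

```python
import fnmatch
import hashlib
import os
import sys
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of any SQLite database

# Patterns from the notes, relative to the image root (drive letter dropped).
# Assumption: Roaming\Skype uses the same per-account sub-folder layout as
# the Documents and Settings path.
SKYPE_PATTERNS = [
    "Users/*/AppData/Local/Packages/Microsoft.SkypeApp_*/Localstate/*/main.db",
    "Documents and Settings/*/Application Data/Skype/*/main.db",
    "Users/*/AppData/Roaming/Skype/*/main.db",
]

def _matches(rel_parts, pattern):
    """Component-wise, case-insensitive match (Windows paths ignore case)."""
    pat_parts = pattern.lower().split("/")
    return len(rel_parts) == len(pat_parts) and all(
        fnmatch.fnmatchcase(p.lower(), q) for p, q in zip(rel_parts, pat_parts))

def _hash_and_header(path):
    """Stream the file once: SHA-256 for the evidence log, header for triage."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:  # opened read-only; evidence is not modified
        header = fh.read(16)
        digest.update(header)
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest(), header

def find_skype_databases(image_root):
    """Return one record per candidate main.db found under image_root."""
    root, hits = Path(image_root), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root)
            pattern = next((p for p in SKYPE_PATTERNS if _matches(rel.parts, p)), None)
            if pattern is None:
                continue
            sha256, header = _hash_and_header(path)
            hits.append({"path": rel.as_posix(), "pattern": pattern,
                         "sha256": sha256, "is_sqlite": header == SQLITE_MAGIC})
    return sorted(hits, key=lambda h: h["path"])

if __name__ == "__main__":
    for hit in find_skype_databases(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

A hit with is_sqlite set to False is still worth recording: the file may be truncated, wiped or replaced, which is itself a finding.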
Windows: C:\Users\%Username%\AppData\Local\LocalState\ModelManager\Messaging.
*This article is a summary of all possible locations of the WhatsApp app on mobile and desktop and the recommendations on acquisition and analysis.*