TeamViewer is a popular Internet-based remote administration tool developed by TeamViewer GmbH. It can connect to any PC or server over the internet so that we can remotely control a partner's computer. This gives us an interface as if we were sitting in front of that computer. It provides an all-in-one solution with features such as remote control, desktop sharing, file transfer, messaging, etc. The latest version of TeamViewer is v 1 and it is for personal/non-commercial use. TeamViewer supports the common platforms, especially Windows, Linux, Mac and mobile phones.

Role of TeamViewer in Digital Forensics

As we know, TeamViewer is a powerful remote monitoring tool, and it plays a significant role in digital forensics. The encroachment of an unauthorized person into someone's PC allows access to their data. Remote control is as powerful as physical access to the target system. The remote controller can perform every kind of activity that a user physically at the machine can. They can capture crucial and confidential information present on the remote PC, and they can also destroy or misuse it. A forensic examiner needs to know TeamViewer activities in detail and how to retrieve the information buried in them.

Artifacts of TeamViewer are present at 3 ends: the Remote Administrator side (Support PC), the server through which the connection is established and communication takes place (Secure Access Server), and the PC that is remotely accessed (Client PC). The figure shows the communication process in TeamViewer. Here we discuss artifacts in the client/remote administrator PC model of TeamViewer activity.

TeamViewer saves all connection information and activity details in its installation directory, which is extremely helpful for any forensic investigator. The installation directory of TeamViewer is : The artifacts of TeamViewer can be found inside directories as given below: Inside the installation directory, TeamViewer logs all its activities. There are mainly two log files that TeamViewer maintains:

It basically stores details of incoming connections that are established to the client PC. Sample content in this log file is shown below: It lists the connected TeamViewer ID, the name of the computer from which the connection was established, the time duration, the connection type and the connection's unique ID. The basic details of the connection can be obtained from this text file.

For more detailed information, we should open the TeamViewerX_Logfile.log file. It stores each and every activity of TeamViewer with timestamps, remote system IP, TeamViewer ID, etc. This log file is the complete history of all incoming and outgoing connections. A few contents of this log file are listed below:

In addition to these logs, we can find TVC (TeamViewer Configuration File) files created by TeamViewer under the folder.
Each file represents a remote connection that was established, and the file name is the remote TeamViewer ID. We can open this file in any text editor, which will show the "Target ID" (TeamViewer ID) and "Action" (type of remote assistance).

Analysis of Log File

As pointed out above, the log file contains detailed information about all activities. Here we explore a few TeamViewer forensic artifacts that a forensic investigator needs to concentrate on. The start session indicates the beginning of a new section. From the above sample log details, we can see the timestamp of the session start along with the version used. The other details, like IP, IE version, etc., represent the details of the machine from which the system is accessed. It is important for a forensic investigator to identify the location from which the remote access was made. Now let us see a few details about the remote PC described in the log file. If this log is collected from your computer, then 474556784 is the remote computer's TeamViewer ID, 135339165 is your computer's TeamViewer ID and 192.168.2.88 is the remote system's IP address.

Conclusion

As a popular and powerful remote administration tool, TeamViewer plays an important role in forensic investigation. It logs all activities that were performed in its log file. In the sections above, we have discussed the evidence artifacts recorded in the log files and the TeamViewer TVC files. These logs are valuable and as important as the acquisition of email evidence when looking for evidence against someone accused of a cybercrime related to TeamViewer and involvement with other email platforms.

RemotePC™ ensures secure access to remote computers

RemotePC™ offers secure remote access with a host of features designed for a seamless experience. RemotePC™ uses TLS v1.2/AES-256 encryption for transferring data between the remote and local computers. Key, a unique password set for each computer, acts as an extra layer of protection. To keep access secure, the 'Lock' feature of RemotePC™ lets you lock your remote computer during an ongoing session or immediately after the session ends.