Forensic Analysis of the Microsoft Teams Desktop Client

As part of my master’s thesis at Abertay University, I’d spent most of the past three months digging through the artifacts generated by Microsoft Teams Desktop Client throughout the application usage and analyzing how these could be used in a forensic investigation. My research showed that Microsoft Teams stores an abundance of information, both metadata and user-generated artifacts, that can prove extremely valuable. As my thesis turned out quite technical and is still in the publication process, this post should provide a first overview of my findings. I will also introduce you to my brand-new Autopsy parser for Microsoft Teams that allows extracting communication artifacts, such as messages, contacts, and call logs programmatically.

This post was created with our nice and easy submission form. Create your post!

What do you think?

Posted by SH

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

Azure App exposed hundreds of source code repositories

Knock Knock! Who's There? – An NSA VM