As part of my master’s thesis at Abertay University, I’d spent most of the past three months digging through the artifacts generated by Microsoft Teams Desktop Client throughout the application usage and analyzing how these could be used in a forensic investigation. My research showed that Microsoft Teams stores an abundance of information, both metadata and user-generated artifacts, that can prove extremely valuable. As my thesis turned out quite technical and is still in the publication process, this post should provide a first overview of my findings. I will also introduce you to my brand-new Autopsy parser for Microsoft Teams that allows extracting communication artifacts, such as messages, contacts, and call logs programmatically.
This post was created with our nice and easy submission form. Create your post!
GIPHY App Key not set. Please check settings