Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/springer-journals/a-practical-hands-on-approach-to-database-forensics-forensic-analysis-r6jTYyOo0P
- Publisher
- Springer International Publishing
- Copyright
- © The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2022
- ISBN
- 978-3-031-16126-1
- Pages
- 93 –123
- DOI
- 10.1007/978-3-031-16127-8_4
- Publisher site
- See Chapter on Publisher Site
Abstract
[This chapter focuses on the examination of the qTox message application. Recently, there have been a lot of child exploitation activities where the suspects use amongst other things an E2EE messenger called qTox (using the tox-protocol) for their communication to other offenders. The tox-protocol is an encrypted open source peer-to-peer network protocol without a central server infrastructure for chat, file transfer, video chat and VoIP. Standard forensic software is currently not able to detect or reconstruct qTox communication. This chapter presents an approach to examine qTox artifacts and demonstrates possibilities to reconstruct qTox communication, friend lists and account information for the investigator. This approach is tested with the qTox client version used in the main operating systems Windows and Linux in a virtual environment. The analysis of the qTox source code to find out the relevant encryption functions is described. The search for artifacts in the image files of the operating systems and in the memory dumps of the running machines is also presented. The structure of the encrypted qTox profile sqlite database is discussed in details.]
Published: Oct 22, 2022