| Name: | Description: | Size: | Format: |
|---|---|---|---|
| | | 11.66 MB | Adobe PDF |
Abstract(s)
With growing concern over the security and privacy of personal conversations, end-to-end encrypted instant messaging applications have become an important focus of forensic research. This study presents a detailed methodology and a Python script for decrypting and analyzing forensic artifacts from Signal Desktop in Windows and Linux environments. The approach is divided into two phases: i) decryption of the locally stored data and ii) analysis and documentation of the forensic artifacts. To preserve data integrity, the extraction can be performed without starting Signal Desktop, avoiding unwanted changes. On Linux systems, it is also possible to perform a complete forensic extraction directly from the files. The extracted data is processed and organized into several reports, facilitating the work of forensic investigators. Additionally, we describe a detailed, step-by-step process for extracting data from Gnome Keyring and KWallet, useful in Linux environments where Signal Desktop depends on these systems for secure storage, but also applicable to other data unrelated to Signal. The methods presented offer a solid basis for the extraction and analysis of encrypted Signal artifacts across several desktop platforms, facilitating rigorous forensic investigations.
With growing concerns over the security and privacy of personal conversations, end-to-end encrypted instant messaging applications have become a key focus of forensic research. This study presents a detailed methodology along with an automated Python script for decrypting and analyzing forensic artifacts from Signal Desktop on both Windows and Linux environments. The methodology is divided into two phases: i) decryption of locally stored data and ii) analysis and documentation of forensic artifacts. To ensure data integrity, this approach enables retrieval without launching Signal Desktop, preventing potential alterations. On Linux, it additionally allows a full forensic extraction directly from stored files. A reporting module organizes the extracted data for forensic investigators, enhancing usability. We also provide a comprehensive step-by-step process for forensically extracting data from Gnome Keyring and KWallet, supporting Linux environments where Signal Desktop relies on these systems for secure storage, while also enabling potential applications beyond Signal-related data. The methods presented provide a robust framework for extracting and analyzing encrypted Signal artifacts across desktop platforms, supporting thorough forensic investigations.
Description
Keywords
Computer forensics, Signal, Electron, KWallet, Gnome Keyring, Decryption, Instant messaging
