Introduction To Application Analysis
The Web Application Analysis team has been assigned to examine desktop-based web applications for both Mac and PC and determine what kind of artifacts can be found from them. Thus far, the team has endeavored to analyze Discord, Dropbox, Slack, and Twitter. We have also selected several forensic tools to help us investigate these apps.
Analysis: Web App Security
Based on each app’s pre-existing security features, we have predicted that Twitter will be the least secure and Discord will be the most secure. Our research has shown Twitter to be lacking in security features on its web application. Discord, however, has proven the most promising in terms of security, as the team found several different security features.
Process: Choosing the Systems and the Apps
We began by determining which operating systems would serve as the backbone for our research. For PCs we chose both Windows 7 and 10, with the former being the most widely used version of Windows and the latter being the newest and fastest growing. For Mac we decided on macOS Sierra, as it holds the largest user base of any version of Mac OS. From there we moved on to the web applications.
Our team looked over web applications that might store valuable data on a person’s home computer. In selecting the apps, we wanted to investigate two common categories: business and sociability. After carefully weighing options, the team decided to investigate four web applications: Discord’s lightweight VoIP client and the social media giant Twitter will make up our social app analysis, while the cloud storage service Dropbox and Slack, an enterprise-level communication program, will make up our business-focused analysis.
Dropbox was researched last spring at the LCDI, giving us a baseline that we can use to further determine how it has changed over time and if its security features have improved. While Dropbox is just a file sharing service, it was placed in the business category for its use in transferring and storing files within a workplace. We plan to look for artifacts that could link accounts to specific files that are being stored and exchanged, along with any personal or organizational information the app might store. The search was designed in this manner to simulate how an enterprise might use the app and what artifacts could be retrieved from such uses.
The other business application we identified is Slack. As a newer application available for businesses, it is designed to streamline workplace communications. It was released in August of 2013, and has since grown into a billion-dollar business. Slack is currently being used by LCDI as well as many other companies like Samsung and NASA. Our focus for this app is to see what artifacts can be retrieved relating to a user’s communications and information such as their channels, notifications, and file uploads. We will be focusing on these since they relate to critical data and assets a company might put on the app, with artifacts relating to logistics, resources, and internal documents.
Discord utilizes VoIP to provide voice chat over user-created streams and channels through the desktop application. With a fast-growing user base of gamers and streamers, it was identified as one of the youngest and fastest growing apps on the market, released in March of 2015 and currently supporting over 300 million users. In our research, we will be looking into recovering data related to message contents, user boards, and IPs that can be obtained from residual data left from everyday app usage. This will be simulated by creating a channel, then chatting through it and sharing data. After this, we will perform a forensic analysis in an attempt to uncover what artifacts can be retrieved from these interactions and how much information those artifacts hold.
Twitter was chosen as it is one of the largest social networks, currently supporting 319 million users. Twitter has faced scrutiny for its security, yet is still used by high profile government officials and popular celebrities. Our goal is to find what artifacts Twitter leaves behind in relation to personal info, account statistics, and private communications. The team will simulate a Twitter user by creating a test account and using the service through its desktop application.
Our hope is to gather artifacts from the desktop applications we chose and identify the potential risks of this discovered information. We can’t wait to share our results with you as they come.