After forensically investigating the security of the popular Zoom application, a team of University of New Haven students presented what they learned about digital evidence created by Zoom to experts and industry professionals from around the world as part of the virtual INTERPOL Digital Forensics Expert Group conference, an event the University recently co-hosted.
July 16, 2020
Sophia Mateo '21 and her classmates have been spending a great deal of time using Zoom. The application has been an increasingly popular tool to connect people during the pandemic, but Mateo and her teammates weren't just using it for their classes or to chat. They dug deeper into the security of the popular video conferencing application, and they have now shared their findings with digital forensics professionals from around the world.
Mateo, a cybersecurity and networks major and a research assistant in the University's Bergami Cybersecurity Center, tested and analyzed Zoom on an Android Galaxy version 10 device using both basic and privileged user accounts to conduct disk, memory, and network forensic tests. She and her teammates tested the application on several other devices, including an iPhone, as part of their project titled "Zooming into the Pandemic! A Forensic Analysis of the Zoom Application."
The students presented their research recently as part of the virtual INTERPOL Digital Forensics Expert Group (DFEG) conference, sharing their findings with hundreds of industry professionals from around the globe.
"Working on this presentation was a highly rewarding experience," she said. "By writing this paper alongside my teammates I was able to learn how professional and academic works are done and presented to digital forensics practitioners around the world. By presenting our methodology and our forensic processes I was able to gain insight into very relevant topics of today's digital forensic landscape."
'Needing to learn it very quickly helped me'
Mateo was part of a team of undergraduate research assistants who, as part of their paid internship with the University's Artifact Genome Project (AGP), forensically investigated the Zoom video conferencing application. To conduct their tests, they started meetings, sent chats through Zoom's instant messaging feature, and tried to create digital footprints they could return to later on. They found that the application transmits and stores user information in such a way that it could be compromised, and that users' privacy could be exposed.
The project was an opportunity for the students to explore something new, such as memory forensics, which Meghan Cichon '21, a cybersecurity and networks major, enjoyed learning more about.
"I had to learn how to take a memory dump of the virtual machine, and then learn how to analyze what was extracted," she said. "It was challenging to pick up on, especially since we were doing this remotely due to COVID-19, but I think needing to learn it very quickly really helped me understand how to extract and analyze the information in a fast, yet successful, manner."
'We hope that it serves as a resource for investigators to use in future investigations'
Andrew Mahr '22, who began working with AGP at the beginning of the spring semester, presented the students' findings along with Mateo during the virtual INTERPOL Digital Forensics Expert Group conference.
"We hope our research contributes to the digital forensics domain as the primary analysis of this popular application, and we hope that it serves as a resource for investigators to use in future investigations that may involve the Zoom application," said Mahr. "After our presentation, a representative from the Netherlands Forensic Institute requested a copy of the paper for use within their own setting. This was very encouraging and demonstrative of the significance and relevance of our work within our world today."
The students uploaded the artifacts they found to AGP and enhanced the website by coding new software for it. Their internships are competitive positions funded through a prestigious grant from the National Science Foundation.
Bhavik Nahar '21, also a research assistant with AGP, says the opportunities he has had through the program have been invaluable.
"Through the internship I improved my development skills, cybersecurity acquaintance, and handling of pressure," he said.
'I was very impressed to see our students grow so fast'
Cinthya Grajeda-Mendez '17, '20 M.S., the manager of AGP and a cybersecurity lab manager at the University, supervised the students. She says their work has important implications for the growing number of Zoom users around the world.
"I was very impressed to see our students grow so fast and be able to accomplish this during the pandemic," she said. "It really brought a sense of pride and joy seeing my first students present as part of a major conference. This opportunity exposed them to an environment that immensely helped them grow in their careers, and their work will soon make them published authors."
The University partnered with MITRE Corp., a nonprofit organization that manages federally funded research and development centers supporting several U.S. government agencies, to host the INTERPOL conference in June. The conference, which was held via Zoom amid the global coronavirus pandemic, brought together leaders in the field, enabling them to network and learn about cutting-edge developments in digital forensics and cybersecurity. It was the first time the conference was hosted by an organization based in the United States.
"The conference went flawlessly, and we received extremely positive feedback," said Ibrahim Baggili, Ph.D., Elder Family Chair and director of the University's Connecticut Institute of Technology. "This was the first time that DFEG went fully virtual, and the collaboration between our team, Cory Hall at MITRE, and INTERPOL, worked out beautifully."
'These were undergraduate students sitting on the podium among world-renowned experts'
The conference included, for the first time, a digital forensics challenge, hosted by the University through AGP. It gave participants one week to provide solutions to a proposed scenario. Students created the educational material and developed the code for the challenge, which required participants to hunt for artifacts and complete exercises that would test their knowledge.
Participants from more than 30 countries took part in the challenge. Evaggelos Dragonas and Donatos Dosis, both natives of Greece, captured first and second place, respectively. Robert Serafin '20, '22 M.S., who recently graduated with his bachelor's degree in computer engineering, finished in third place.
"Before this challenge, I had only heard of AGP, but this taught me how to use it while showing me the role it can play to help aid in the investigative process," said Serafin, who will begin his master's degree in cybersecurity and networks at the University this fall. "This was my first global competition, and finding out I finished third was amazing. It was wonderful to hear case scenarios and forensic updates from individuals from countries around the world."
Dr. Baggili says the students' involvement with the conference, and their Zoom research, enabled them to adjust to remote research and development. He hopes their work will enable more forensic investigators to work on AGP.
"I am very proud of the students," said Dr. Baggili. "For them to present among a group of worldwide experts, in front of a worldwide audience, our research work on Zoom forensics is quite a feat. These were undergraduate students sitting on the podium amongst world-renowned experts in the domain. We are very thankful for the National Science Foundation for funding the Artifact Genome Project, and funding the work of these wonderful students."