It stores each and every activity of TeamViewer with timestamps, remote system IP, TeamViewer ID etc. For more detailed information, we should open TeamViewerX_Logfile.log file.
The basic details of the connection can be obtained from this text file. It lists out connected TeamViewer ID, The computer name from which connection established, time duration, connection type and connection unique ID. Sample content in this log file is shown below: It basically stores details of incoming connection that is established within the client PC. There are mainly two log files that TeamViewer maintains: Inside the installation directory, TeamViewer logs all its activities. The artifacts of TeamViewer can be found inside directories as given below: The installation directory of TeamViewer is : TeamViewer saves all connection information and activity details in its installation directory, which is extremely helpful for any forensic investigators. Here we are discussing artifacts in client/remote administrator PC model of TeamViewer activity. The figure shows the communication process in TeamViewer. The artifacts about TeamViewer is present at 3 ends – Remote Administrator side (Support PC), the server through which connection establishes and communication takes place (Secure Access Server) and the PC where we remotely access (Client PC). As a forensics examiner it is insisted to know TeamViewer activities in detail and how to fetch the information buried in it. He can capture crucial and confidential information present on remote PC and also he can destroy or misuse them. The remote controller can perform all kinds of activity that a user physically does. Remote controlling is powerful as physically accessing the target system. The encroachment of an unauthorized person into someone's PC allows accessing their data. Role of TeamViewer in Digital ForensicsĪs we know, TeamViewer is a powerful remote monitoring tool, it plays significant role in digital forensics. TeamViewer supports common platforms especially Windows, Linux, Mac and Mobile phones. The latest version of TeamViewer is v 1 and it is for personal/Non-commercial use. It provides an All-In-One solution to all features such as remote control, desktop sharing, file transferring, messaging etc. This provides us an interface as if we are sitting in front of that computer. It can connect any PC or Server via internet so that we can remotely control partner's computer. TeamViewer is the popular Internet-based remote administration software developed by TeamViewer GmbH.
0 kommentar(er)
