Retrieval of Digital Artefacts from TeamSpeak and Discord: A Forensic Investigation and Analysis of the Malicious Use of Gaming Communication Clients.
Gaming communication clients such as Discord and TeamSpeak have started to become an active choice for committing crime, from being used to groom children to being used to organise crimes. The forensic examination of modern gaming communication clients has gone largely unexplored. This paper aims to understand the effectiveness of current moderation tools used to filter online abuse and to examine the possibility of extracting the terrestrial artefacts that these clients leave behind after use. In addition, a review of current legal cases highlights the need for further research into this specialist area of communication clients. Potential artefacts that may be detected during the research include data such as timestamps, conversations and transferred files. This research aims to help fill gaps by forensically analysing TeamSpeak and Discord.