Tencent Meeting forensics based on memory reverse analysis
Tencent Meeting, an instant meeting software, is widely used at present, but no research has been conducted on its forensics. Since the real-time data generated by such software during meetings will not be stored in the computer disk, the traditional disk forensics method against such software is no...
Saved in:
| Main Authors: | , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
PeerJ Inc.
2025-06-01
|
| Series: | PeerJ Computer Science |
| Subjects: | |
| Online Access: | https://peerj.com/articles/cs-2963.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850217975161815040 |
|---|---|
| author | Shilong Yu Binglong Li Lin Zhu Heyu Zhang Sen Yang Zhangxiao Li Wenzheng Feng |
| author_facet | Shilong Yu Binglong Li Lin Zhu Heyu Zhang Sen Yang Zhangxiao Li Wenzheng Feng |
| author_sort | Shilong Yu |
| collection | DOAJ |
| description | Tencent Meeting, an instant meeting software, is widely used at present, but no research has been conducted on its forensics. Since the real-time data generated by such software during meetings will not be stored in the computer disk, the traditional disk forensics method against such software is no longer applicable and needs to obtain evidence through memory analysis. To extract meeting data transmitted during meetings, this article proposes a method for Tencent Meeting forensics based on memory reverse analysis. First, by analyzing the process storage and metadata format of Tencent Meeting in memory, an inverse metadata extraction algorithm is designed. Then, by analyzing the data structure of Tencent Meeting in memory, a meeting data stream engraving algorithm is developed. Finally, the experimental results indicate that the proposed method can effectively extract metadata information such as meeting time, meeting number, topic, and data flow information such as participants, message records, as well as transmitted files from the memory of Tencent Meeting, providing crucial digital evidence for digital crime investigation. Compared with other forensic analysis methods for instant meeting software, our proposed forensic method for Tencent Meeting conducts memory reverse analysis with the entire memory file, enabling the extraction of more comprehensive and abundant forensic data. |
| format | Article |
| id | doaj-art-71080552da964f53b28b40e249c17b36 |
| institution | OA Journals |
| issn | 2376-5992 |
| language | English |
| publishDate | 2025-06-01 |
| publisher | PeerJ Inc. |
| record_format | Article |
| series | PeerJ Computer Science |
| spelling | doaj-art-71080552da964f53b28b40e249c17b362025-08-20T02:07:56ZengPeerJ Inc.PeerJ Computer Science2376-59922025-06-0111e296310.7717/peerj-cs.2963Tencent Meeting forensics based on memory reverse analysisShilong Yu0Binglong Li1Lin Zhu2Heyu Zhang3Sen Yang4Zhangxiao Li5Wenzheng Feng6School of Cryptographic Engineering, Information Engineering University, Zhengzhou, ChinaSchool of Cryptographic Engineering, Information Engineering University, Zhengzhou, ChinaSchool of Cryptographic Engineering, Information Engineering University, Zhengzhou, ChinaSchool of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan, ChinaSchool of Cryptographic Engineering, Information Engineering University, Zhengzhou, ChinaSchool of Cryptographic Engineering, Information Engineering University, Zhengzhou, ChinaSchool of Cryptographic Engineering, Information Engineering University, Zhengzhou, ChinaTencent Meeting, an instant meeting software, is widely used at present, but no research has been conducted on its forensics. Since the real-time data generated by such software during meetings will not be stored in the computer disk, the traditional disk forensics method against such software is no longer applicable and needs to obtain evidence through memory analysis. To extract meeting data transmitted during meetings, this article proposes a method for Tencent Meeting forensics based on memory reverse analysis. First, by analyzing the process storage and metadata format of Tencent Meeting in memory, an inverse metadata extraction algorithm is designed. Then, by analyzing the data structure of Tencent Meeting in memory, a meeting data stream engraving algorithm is developed. Finally, the experimental results indicate that the proposed method can effectively extract metadata information such as meeting time, meeting number, topic, and data flow information such as participants, message records, as well as transmitted files from the memory of Tencent Meeting, providing crucial digital evidence for digital crime investigation. Compared with other forensic analysis methods for instant meeting software, our proposed forensic method for Tencent Meeting conducts memory reverse analysis with the entire memory file, enabling the extraction of more comprehensive and abundant forensic data.https://peerj.com/articles/cs-2963.pdfTencent MeetingMemory forensicsReverse analysis |
| spellingShingle | Shilong Yu Binglong Li Lin Zhu Heyu Zhang Sen Yang Zhangxiao Li Wenzheng Feng Tencent Meeting forensics based on memory reverse analysis PeerJ Computer Science Tencent Meeting Memory forensics Reverse analysis |
| title | Tencent Meeting forensics based on memory reverse analysis |
| title_full | Tencent Meeting forensics based on memory reverse analysis |
| title_fullStr | Tencent Meeting forensics based on memory reverse analysis |
| title_full_unstemmed | Tencent Meeting forensics based on memory reverse analysis |
| title_short | Tencent Meeting forensics based on memory reverse analysis |
| title_sort | tencent meeting forensics based on memory reverse analysis |
| topic | Tencent Meeting Memory forensics Reverse analysis |
| url | https://peerj.com/articles/cs-2963.pdf |
| work_keys_str_mv | AT shilongyu tencentmeetingforensicsbasedonmemoryreverseanalysis AT binglongli tencentmeetingforensicsbasedonmemoryreverseanalysis AT linzhu tencentmeetingforensicsbasedonmemoryreverseanalysis AT heyuzhang tencentmeetingforensicsbasedonmemoryreverseanalysis AT senyang tencentmeetingforensicsbasedonmemoryreverseanalysis AT zhangxiaoli tencentmeetingforensicsbasedonmemoryreverseanalysis AT wenzhengfeng tencentmeetingforensicsbasedonmemoryreverseanalysis |