A Practical Hands-on Approach to Database Forensics: Forensic Analysis of the qTox Messenger Databases


Part of the Studies in Big Data Book Series (volume 116)
Springer Journals — Oct 22, 2022

Publisher
Springer International Publishing
Copyright
© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2022
ISBN
978-3-031-16126-1
Pages
93–123
DOI
10.1007/978-3-031-16127-8_4

Abstract

This chapter focuses on the examination of the qTox messaging application. Recently, there have been a lot of child exploitation activities where the suspects use, amongst other things, an E2EE messenger called qTox (using the tox-protocol) for their communication with other offenders. The tox-protocol is an encrypted, open-source, peer-to-peer network protocol without a central server infrastructure for chat, file transfer, video chat and VoIP. Standard forensic software is currently not able to detect or reconstruct qTox communication. This chapter presents an approach to examine qTox artifacts and demonstrates possibilities to reconstruct qTox communication, friend lists and account information for the investigator. This approach is tested with the qTox client version used in the main operating systems Windows and Linux in a virtual environment. The analysis of the qTox source code to find out the relevant encryption functions is described. The search for artifacts in the image files of the operating systems and in the memory dumps of the running machines is also presented. The structure of the encrypted qTox profile SQLite database is discussed in detail.

Published: Oct 22, 2022

There are no references for this article.