Blog >> Android Zoom

Investigating Android Zoom

26/04/2024 Friday

Android Zoom is a meeting application designed to help its users schedule their own meetings, join virtual meetings and video conferences, and chat with contacts. The user can join a meeting established on Zoom with only one click and without even signing up. Zoom tries to make its users’ lives easier by providing a feature that allows users to sign up using their Google or Facebook accounts. The app supports hosting or attending meetings with up to hundreds of participants, making it suitable for both personal and professional use.

Digital Forensics Value of Android Zoom

The Digital Forensics Value of the Android Zoom Application lies in its potential to provide valuable insights into a user's communication activities conducted through the platform. Forensic analysts can access data related to scheduled meetings, participant lists, chat conversations, and media shared during meetings. This information can assist in reconstructing timelines, identifying participants, and understanding the context of communications.

Location of Android Zoom Artifacts

Android Zoom artifacts can be found at the following location:
/*/* @xmpp.zoom.us.asyn.db

Analyzing Android Zoom Artifacts with ArtiFast

This section will discuss how to use ArtiFast to extract Android Zoom artifact from Android devices and what kind of digital forensics insights we can gain from the artifact.

After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select Android Zoom artifact parsers:

Once ArtiFast parsers plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Android Zoom artifact in ArtiFast.

Android Zoom Individual Messages

• Send Time: Message send time.
• Body: Message body.
• ID: Message ID.
• Sender Name: Sender name.
• Sender Resource: Sender resource.
• Preview Message Time: Preview message time.
• Sent By Me: Whether the message was sent by the owner or not.
• Sender Buddy ID: Sender buddy ID.
• Is Read: Indicates whether the message was read or not.

Android Zoom Group Messages

• Send Time: Message send time.
• Body: Message body.
• ID: Message ID.
• Group ID: Group ID.
• Sender Name: Sender name.
• Sender Resource: Sender resource.
• Preview Message Time: Preview message time.
• Sent By Me: Whether the message was sent by the owner or not.
• Sender Buddy ID: Sender buddy ID.
• Is Read: Indicates whether the message was read or not.

Android Zoom File Messages

• Send Time: File send time.
• Name: Name of the file.
• URL Data: URL data of the file.
• Local Path: Local path of the file.
• Sender ID: Owner of the file.
• File Type: Type of the file.
• File Size: Size of the file.
• File Length: File length in seconds.
• Is Downloaded: Indicates whether the file was downloaded or not.
• Downloaded Size: Size of the downloaded portion.
• Sent By Me: Indicates whether the file was sent by the owner.
• Message ID: The message ID associated with the file.
• Conversation ID: The conversation ID associated with the file.
• Picture Preview Path: The file's preview path.

Android Zoom Calls

• Call Time: The time of the call.
• Call ID: The unique ID of the call.
• Callee Name: The name of the person receiving the call.
• Caller Name: The name of the person initiating the call.
• Personal Meeting ID: The personal meeting ID associated with the call.
• Callee JID: The Jabber ID (JID) of the callee.
• Caller JID: The Jabber ID (JID) of the caller.

Android Zoom Conversations

• Last Update Time: The date and time when the conversation was last updated.
• Last Message ID: The ID of the last message in the conversation.
• ID: The ID of the conversation.
• Is Group: Indicates whether the conversation is a group chat.
• Unread Message Count: The number of unread messages in the conversation.
• Last Read Time: The date and time when the messages in the conversation were last read.

Android Zoom Friends

• JID: The JID (Jabber ID) of the friend.
• First Name: The first name of the friend.
• Last Name: The last name of the friend.
• Email: The email address of the friend.
• Picture Path: The local path to the friend's picture.
• Avatar URL: The URL to the friend's avatar image.

Android Zoom Groups

• Group ID: The ID of the group.
• Name: The name of the group.
• Participants' Name: Names of the group members (excluding the owner).
• Owner's Name: The name of the group owner.
• Owner ID: The ID of the group owner.

For more information or suggestions please contact: kalthoum.karkazan@forensafe.com