LogMeIn is a remote access software similar to TeamViewer and Anydesk. It allows users to connect to devices via an internet connection remotely. These devices include laptops, workstations, servers, tablets, and smartphones. The software provides the ability to create groups of multiple devices within the application, remotely access these devices, take control of them if necessary and share files between them. The software is mainly used by IT personnel providing technical support to businesses.
LogMeIn allows organizations and individuals to access devices remotely, share files, and manage and configure machines where physical access is unavailable. These capabilities are beneficial to normal users, but it also enables criminals to perform illegal activities. Therefore, analyzing remote access artifacts can provide valuable information during investigations.
LogMeIn artifacts can be found at the following directories and registry locations:
C:\Program Data\LogMeIn
C:\Users\[username]\AppData\Local\LogMeIn
SOFTWARE\LogMeIn\Toolkit\DesktopSharing
SOFTWARE\LogMeIn\V5 LogMeIn\Toolkit\Filesharing
SOFTWARE\LogMeIn\V5
SOFTWARE\LogMeIn Ignition
This section will discuss how to use ArtiFast to extract LogMeIn artifacts from Windows machines and what kind of digital forensics insight we can gain from the artifacts.
After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select LogMeIn artifacts:
Once ArtiFast parser plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of LogMeIn artifacts in ArtiFast.
LogMeIn Client Information: This artifact contains information related to the local user.
LogMeIn Last Shared File: This artifact contains information about the last shared file.
LogMeIn Invited Guests: This artifact contains information about the invitation requests sent via the software.
LogMeIn Shared Files: This artifact contains information about the files shared via the software.
LogMeIn Connection History: This artifact contains information related to connection history.
For more information or suggestions please contact: asmaa.elkhatib@forensafe.com