Khalid, Zainab http://orcid.org/0000-0002-1810-0224
Iqbal, Farkhund
Kamoun, Faouzi
Khan, Liaqat Ali
Shah, Babar
Article History
Received: 13 January 2022
Accepted: 8 July 2022
First Online: 12 August 2022
Declarations
:
: Forensic research needs to consider the potential ethical and legal considerations associated with privacy, intellectual property, responsible disclosure, secondary uses of personal information, terms of use, informed consent, and use of human participants among others [CitationRef removed]. We have taken the necessary steps for addressing or mitigating these common concerns as explained below. The inherent nature of this forensic study is not to expose flaws, hackable security vulnerabilities, or zero-day exploits whose exploitation might lead to incidents but rather to guide forensic investigators unearth readily accessible digital data that some users may want to hide as evidence of legal wrongdoing. Recall that every user interaction with the WebEx application leaves behind some residual forensic evidence which originates from personal data that the app requires to properly operate as per the WebEx privacy terms and conditions [CitationRef removed]. Hence, in our case, ethical and legal issues pertaining to responsible disclosure of vulnerabilities did not apply, as we did not divulge any vulnerability that might jeopardize the availability, integrity, or confidentiality of Cisco WebEx data and system files.All our forensic experiments were conducted in a controlled laboratory setting by one of the co-authors who, as the owner of the testing device, provided explicit permission and consent for the residual forensic data (including personal identifying information) to be included in this study. Accordingly, privacy concerns associated with the practice of involving human participants in the research were addressed.The usage of the three WebEx videoconferencing applications, as reported in this study, was conducted in full compliance with Cisco WebEx license terms and conditions. In particular, we did not perform any form of code inspection, decryption, alteration, or reverse engineering on the WebEx software. The forensic artifacts collected from our study belong to the categories of personal data that is required to use the WebEx Service as per Cisco WebEx privacy data sheet [CitationRef removed].
: The authors declare no competing interests.
Free to read: This content has been made available to all.