Document Type


Publication Date


Subject: LCSH

Videoconferencing, Cyber intelligence (Computer security), Computer security


Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security


The global pandemic of COVID-19 has turned the spotlight on video conferencing applications like never before. In this critical time, applications such as Zoom have experienced a surge in its user base jump over the 300 million daily mark (ZoomBlog, 2020). The increase in use has led malicious actors to exploit the application, and in many cases perform Zoom Bombings. Therefore forensically examining Zoom is inevitable. Our work details the primary disk, network, and memory forensic analysis of the Zoom video conferencing application. Results demonstrate it is possible to find users' critical information in plain text and/or encrypted/encoded, such as chat messages, names, email addresses, passwords, and much more through network captures, forensic imaging of digital devices, and memory forensics. Furthermore we elaborate on interesting anti-forensics techniques employed by the Zoom application when contacts are deleted from the Zoom application's contact list.


Article originally published in Forensic Science International: Digital Investigation, volume 36, March 2021.



Publisher Citation

Andrew Mahr, Meghan Cichon, Sophia Mateo, Cinthya Grajeda, Ibrahim Baggili, Zooming into the pandemic! A forensic analysis of the Zoom Application, Forensic Science International: Digital Investigation, Volume 36, 2021, 301107, ISSN 2666-2817, (

Check your library