|International Journal of Applied Information Systems|
|Foundation of Computer Science (FCS), NY, USA|
|Volume 12 - Number 18|
|Year of Publication: 2019|
|Authors: S. Idowu, Ehiwe D. Dominic, S. O. Okolie, N. Goga|
S. Idowu, Ehiwe D. Dominic, S. O. Okolie, N. Goga . Security Vulnerabilities of Skype Application Artifacts: A Digital Forensic Approach. International Journal of Applied Information Systems. 12, 18 ( January 2019), 5-10. DOI=10.5120/ijais2019451784
Social network platforms and apps have gained popularity partly because of the ease by which users are able to sign up on the platform. This is in addition to the open source nature of majority of these software applications. By making use of these social network platforms and applications, users consent to the disclosure of information that may be used to recreate their profile, to reconstruct events that have taken place, and provide most times geo-location information that can be used to track or trace participants. In this study, presentation of the potential security vulnerabilities that can be associated with the digital artifacts harvested from Skype, a social network app in use by millions of subscribers worldwide is made. The study methodology involved set up of a forensic workstation for the acquisition and examination of the digital artifacts obtained from Skype application installed on a test Infinix HotNote Smartphone running Android OS version 5.5 that was utilized for this study. Following the National Institute of Science & Technology (NIST) guideline, the chain-of-custody of the performed activities was documentation. A key finding of this study indicates the acquired and examined stored user data and other metadata information are stored in plain and clear text formats. The security implication for this is significant as the ease or potential for a cyber-criminal activity becomes heightened. Therefore, the implementation of a robust and secure data encryption standard for protecting stored user records is recommended. While there are different types of encryption algorithms that may be utilized for achieving user security and privacy requirements, the decision to enforce any of the known standards can be taken following global application security standards for implementing security of software applications.