What is TeamViewer?
TeamViewer is an application that allows the user of one computer to connect and remotely use another computer, as if they were sat at it, via the Internet.
The software can be downloaded from here https://www.teamviewer.com/en/download/windows/ for personal use for free, with limitations such as a connection time limit, or it can be purchased providing the user with fewer limitations, including for business use, as the cost increases.
The software is also available on a range of different platforms including Windows, Windows Mobile, Linux, Mac OSX, Android and Apple iOS.
TeamViewer Forensics
When using TeamViewer, the access to the remote computer is gained using the 10 digit ID number and password of that computer and knowledge of those is required before the computer can be used.
However, the capability of TeamViewer and other such remote access software provides the potential for a user to gain complete use of a computer from any location via the Internet which can provide various circumstances where that capability can be misused and private or financial information can be obtained.
Through the use of digital forensics techniques, it can be possible to identify what activity occurred during any remote connection sessions, including any files that were transferred and the IP address and other details that may help identify the connecting computer.
TeamViewer Forensics – Investigation Data
When conducting a forensic investigation into a computer where TeamViewer is involved, data is stored to both computers, the computer being accessed and the computer conducting the access.
By default, the TeamViewer application is stored to the Program Files\Teamviewer directory and the activity logs are also recorded within that path.
The file named Connections_Incoming.txt maintains a record of all incoming remote connections, which is stored in the following format:
- TeamViewer ID
- Name of Connecting Computer
- Time/Date of Start of the Activity
- Time/Date of the End of the Activity
- Profile of the Target Computer
- Type of Connection
- Connection ID
Once a specific connection has been identified within the Connections_Incoming.txt file, it is possible to consider further details of the actions and activities undertaken by examining the content of the TeamViewer logfiles that are also location within the default program installation folder.
The information within the logfiles includes the version of TeamViewer used, the operating system and the IP address of the connecting computer.
About Athena Forensics
For information on our digital forensic services or if you require any advice or assistance please contact a member of our team on 0845 882 7386 or via email on enquiries@athenaforensics.co.uk, further details are available on our contact us page.
Our client’s confidentiality is of the utmost importance. All correspondence is treated with discretion, from initial contact to the conclusion of any computer forensics investigation.
Our digital forensics experts are fully aware of the significance and importance of the information that they encounter and we have been accredited to ISO 9001 for 10 years.
Our forensic experts are all security cleared and we offer non-disclosure agreements if required. Our premises along with our security procedures have been inspected and approved by law enforcement agencies.
Athena Forensics do not disclose personal information to other companies or suppliers.
https://athenaforensics.co.uk/service/mobile-phone-forensic-experts/
https://athenaforensics.co.uk/service/computer-forensic-experts/
