Australian Digital Forensics Conference

Document Type



Remote Desktop Applications (RDA) such as Virtual Network Computing (VNC), Cisco WebEx, GoToMeeting and LogMeIn have been adapted and utilised recently. This is because they facilitate tier-one support to configure computers, networks and solve application-related issues from a remote location. The direct benefit from the use of these applications, is the time (and therefore cost) saving for organisations. Unfortunately, “remoting” technology can also be used by criminals to perform illegal activities, hence remote applications are of key interest to law agencies and forensic investigators. The research outlined in this paper aims to identify any artefacts left behind by common remote applications and technologies used by many firms. These artefacts can be vital to government law enforcement agencies and forensic investigators, as they could be used as evidence in cyber-crime investigations. This research will focus on RealVNC, TightVNC, Cisco WebEx, GoToMeeting and LogMeIn applications. The findings from the research shows some artefacts left behind by the applications, which can be used by forensics investigators or law enforcement for possible evidence.


Originally published as: Kerai, P. L., & Vekariya, V. M. R. (2016). An exploration of artefacts of remote desktop applications on windows. In Valli, C. (Ed.). (2016). The Proceedings of 14th Australian Digital Forensics Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia. (pp.42-49).