Skip to main content

Research Repository

Advanced Search

Remote Desktop Software as a Forensic Resource

Manson, Jonathan


Jonathan Manson


Remote Desktop Software (RDS) enables the controlling of a computer system without the need for physical access. Operations are sent to the remote machine and executed as if performed by a local user. With an unprecedented shift to remote working due to the COVID-19 Pandemic, more people are working on home devices without enterprise IT support and therefore reliant upon this software to collaborate and keep their systems available and secure. RDS complicates a Forensic Investigation as any person with remote access privileges or knowledge of bypassing them could be responsible for an action. Despite its importance and prevalence, forensic research into RDS is minimal. As a market-leading solution for Windows, TeamViewer is an impactful starting point to demonstrate that such software is forensically-valuable to explore. This paper shows that with suitable evidence, an Investigator can identify which machines have performed remote control or been controlled, transferred files and have been remotely rebooted, among other events. We also highlight a potential privacy concern due to inadequate uninstallation processes. To illustrate the value of our findings we publish a Python module for Autopsy that automatically locates, processes and visualises key TeamViewer artefacts for an Investigator.

Journal Article Type Article
Acceptance Date Mar 1, 2022
Online Publication Date Mar 14, 2022
Publication Date 2022
Deposit Date Mar 14, 2022
Publicly Available Date Mar 14, 2022
Print ISSN 2374-2917
Publisher Taylor & Francis
Peer Reviewed Peer Reviewed
Volume 6
Issue 1-2
Pages 1-26
Keywords Forensics, TeamViewer, remote desktop, RDP, windows
Public URL


Downloadable Citations