Even if you do not game online you might be familiar with the Discord platform. This communications hub is used by over a quarter of a billion people worldwide to communicates to their friends via voice, video, or text. You can also join larger communities/servers to talk with other people with similar interests. Although Discord was designed for gaming many communities of people have adopted Discord as a means to share information. This mass adoption has opened up Discord as a good source for digital evidence.
Discord is available both on a desktop environment with any variety of operating system choices as well as on both iOS and Android mobile platforms. Each server has a variety of channels that can be joined based on specific topic areas or one can be made for the group that you create. Each individual can join up to 100 servers and you can adjust which of those servers you want notifications on with mentions of you, etc. Each of those servers can have 500,000 users so as you might guess this is a great hub for communications. Servers can be public or private depending on how they were set up. Typically, a public server focuses on a fan of a particular topic that is more common such as Minecraft. Private servers can be focused to know people in a group such as DFIR which has a Discord server.
Discord is free and you can do most of the functions without any issues, but there are options to pay that can add new capabilities to your profile. The big draw on a pay account is the improvement to video streaming which is more applicable to the gaming groups. Servers can also get boosts that get bonuses to all the members of the server.
So, why does all this matter in digital forensics? With Discord a primary hub of communication for Gen Z it is important to include such information in your investigation. However, investigating Discord can be tricky with the methods it authenticates.
Step 1. Get Consent
With all things cloud-based you need the consent of the user to be able to use their credentials to log in to their account.
Step 2. Stay on Network
The way the Discord tokens work is they are authenticated to an IP address. To ensure you do not need to also log in to the email of the person’s credentials you are using you need to make sure you do your collection while on the same IP address as the consenting individual.
Step 3. Input Credentials
Using the Cloud Import Wizard, you can import the credentials of the consenting individual to begin your collection.
There are a variety of filters you can use when you are bringing in the data from Discord. From date range to the areas you want to collect from.
Details you can collect include:
- Server Name
- Channel Name
- Direct Messages
- Date last modified
- Friends Status
- Accepted friend
- Blacklisted user
- Pending user
- Waiting for user to accept the invitation
Once the data is collected it can be reviewed with indexing, OCR, and searches. Note there is a limit of 10,000 records per grid that can be collected. As a new piece of evidence in your investigation will be shocked on what valuable insights you can get on your suspect based on their Discord data.
Review the entire capture process with the following video tutorial from the Paraben YouTube channel at ParabenForensics
The concept of the Remote Workforce has now become a reality for the long term, going well into 2021, and possibly even beyond. While most Cyber experts were predicting that a near 99% Virtual Workforce was possible in 4-5 years, it came to fruition in just a matter...
When you look at the best means to secure your smartphone there are a few key areas to look at. Hardware System Apps Each of these areas can be applied to both iOS (Apple) and Android. When selecting a device, they can be used to determine if you have the best fit or...
Step into the thoughts of Paraben's CEO and Founder Amber Schroader. Forensic-Impact Articles