Analysis of Autopsy Mobile Forensic Tools against Unsent Messages on WhatsApp Messaging Application

Fahdiaz Alief, Y. Suryanto, Linda Rosselina, T. Hermawan
Published in: 2020 7th International Conference on Electrical Engineering, Computer Sciences and Informatics (EECSI), pp. 26-30. Publication date: 2020-10-01. DOI: 10.23919/EECSI50503.2020.9251876 (https://doi.org/10.23919/EECSI50503.2020.9251876)
Citations: 2

Abstract

This paper discusses a new feature implemented in most social media messaging applications: the unsent feature, with which the sender can delete a message they sent from both the sender's and the recipient's devices. This feature poses a new challenge in mobile forensics, as it could potentially delete sent messages that could be used as evidence, without any means of retrieving them. This paper aims to analyze how well the open-source mobile forensics tool Autopsy performs in extracting and identifying deleted messages, both sent and received. The device used in this paper is a Redmi Xiaomi Note 4, whose userdata block was extracted using a Linux command, and the application used is WhatsApp. Autopsy analyzes the extracted image to see what information can be extracted from the unsent messages. According to the results of our experiment, Autopsy is capable of obtaining substantial information, but because each vendor and mobile OS stores files and databases differently, only WhatsApp data can be extracted from the device. Based on the analysis of the WhatsApp data, Autopsy is not capable of retrieving the deleted messages. However, it can detect traces of deleted data that was sent from the device. In addition, using the sqlite3 database browser, the author can find remnants of received deleted messages in the files extracted by Autopsy.