Research Area:  Digital Forensics
Smartphone market is growing day by day and according to Statista, as of 2017, 68.4% of the U.S. population uses smartphones. Similarly, the amount of information stored on these mobile devices is tremendous and ranging from personal details, contacts, applications data, to exchange of texts and media. This information can become a significant evidence during a digital forensics investigation and thereafter in courts. As Android is one of the leading smartphone operating systems worldwide, it is important to have the knowledge of Android forensics. Moreover, chat messaging between the users becoming the most prominent communication medium particularly among the youth. The exponential increase in the interception of chat messages on mobile devices led to implementation of end to end encryption. This is mainly due to the concerns raised on privacy and security of user data on smartphones. In this paper we analyze widely used encrypted Instant Messaging (IM) applications namely WeChat, Telegram, Viber and Whatsapp. We also show how these applications store data in the Android file system. In addition we also discuss forensic implications of the IM applications that are utilizing encryption. Analysis of artifacts collected from these applications is performed using the Android Debugging Bridge (ADB) tool and some other open source tools. Moreover, we also present the challenges faced during the collection of the forensically important artifacts.
Keywords:  
Author(s) Name:  Khushboo Rathi; Umit Karabiyik; Temilola Aderibigbe; Hongmei Chi
Journal name:  
Conferrence name:  6th International Symposium on Digital Forensic and Security (ISDFS)
Publisher name:  IEEE
DOI:  10.1109/ISDFS.2018.8355344
Volume Information:  
Paper Link:   https://ieeexplore.ieee.org/abstract/document/8355344