Research Area:  Digital Forensics
WeChat is a popular instant messaging application on Android, iPhone and BlackBerry smart phones, whose chat messages are all stored in local installation folder. This paper studied the data forensic techniques of WeChat messages including the identification of storage location, storage structure and information extraction methods. Since the text message is stored in encrypted SQLite database, we detailedly analyze its cryptographic algorithm, key derivation principle and present the corresponding database decryption process in different practical forensic circumstances. In addition, we exploit the data recovery of voice and deleted messages which would also be helpful in data forensic for criminal investigation.
Keywords:  
Author(s) Name:  Lijun Zhang; Fei Yu; Qingbing Ji
Journal name:  
Conferrence name:  Sixth International Conference on Instrumentation & Measurement, Computer, Communication and Control (IMCCC)
Publisher name:  IEEE
DOI:  10.1109/IMCCC.2016.24
Volume Information:  
Paper Link:   https://ieeexplore.ieee.org/abstract/document/7774829