TY - GEN
T1 - Analysis of autopsy mobile forensic tools against unsent messages on whatsapp messaging application
AU - Alief, Fahdiaz
AU - Suryanto, Yohan
AU - Rosselina, Linda
AU - Hermawan, Tofan
N1 - Publisher Copyright:
© 2020 Institute of Advanced Engineering and Science (IAES). All Rights Reserved.
PY - 2020/10/1
Y1 - 2020/10/1
N2 - This paper discusses a new feature implemented in most social media messaging applications: the unsent feature, where the sender can delete a message he sent on both the sender's and the recipient's devices. This new feature poses a new challenge in mobile forensics, as it could potentially delete sent messages that can be used as evidence without the means to retrieve them. This paper aims to analyze how well the Autopsy open-source mobile forensics tool performs in extracting and identifying the deleted messages, both those that are sent and those that are received. The device used in this paper is a Redmi Xiaomi Note 4, which has its userdata block extracted using a Linux command, and the application we’re using is WhatsApp. Autopsy will analyze the extracted image and see what information can be extracted from the unsent messages. From the result of our experiment, Autopsy is capable of obtaining substantial information, but due to how each vendor and mobile OS store files and databases differently, only WhatsApp data can be extracted from the device. And based on the WhatsApp data analysis, Autopsy is not capable of retrieving the deleted messages. However, it can detect the traces of deleted data that is sent from the device. And using the sqlite3 database browser, the author can find remnants of received deleted messages from the files extracted by Autopsy.
AB - This paper discusses a new feature implemented in most social media messaging applications: the unsent feature, where the sender can delete a message he sent on both the sender's and the recipient's devices. This new feature poses a new challenge in mobile forensics, as it could potentially delete sent messages that can be used as evidence without the means to retrieve them. This paper aims to analyze how well the Autopsy open-source mobile forensics tool performs in extracting and identifying the deleted messages, both those that are sent and those that are received. The device used in this paper is a Redmi Xiaomi Note 4, which has its userdata block extracted using a Linux command, and the application we’re using is WhatsApp. Autopsy will analyze the extracted image and see what information can be extracted from the unsent messages. From the result of our experiment, Autopsy is capable of obtaining substantial information, but due to how each vendor and mobile OS store files and databases differently, only WhatsApp data can be extracted from the device. And based on the WhatsApp data analysis, Autopsy is not capable of retrieving the deleted messages. However, it can detect the traces of deleted data that is sent from the device. And using the sqlite3 database browser, the author can find remnants of received deleted messages from the files extracted by Autopsy.
KW - Autopsy
KW - Mobile forensic
KW - Social media messaging
KW - Sqlite3
KW - Unsent feature
KW - Whatsapp
UR - http://www.scopus.com/inward/record.url?scp=85097844032&partnerID=8YFLogxK
U2 - 10.23919/EECSI50503.2020.9251876
DO - 10.23919/EECSI50503.2020.9251876
M3 - Conference contribution
AN - SCOPUS:85097844032
T3 - International Conference on Electrical Engineering, Computer Science and Informatics (EECSI)
SP - 26
EP - 30
BT - Proceedings - 2020 7th International Conference on Electrical Engineering, Computer Science and Informatics, EECSI 2020
PB - Institute of Advanced Engineering and Science
T2 - 7th International Conference on Electrical Engineering, Computer Science and Informatics, EECSI 2020
Y2 - 1 October 2020 through 2 October 2020
ER -