Forensic Analysis of WhatsApp Disappearing Message on Unrooted Android Using Mobile Device Forensics Methodology NIST SP 800-101r1

Dodi Sudiana, Chandra Halim Nuruddin, Mia Rizkinia, Diyanatul Husna

Research output: Contribution to journalArticlepeer-review

Abstract

Digital forensics has a pivotal role in advancing Sustainable Development Goals (SDGs) by enhancing accountability, ensuring digital security, and contributing to environmental sustainability. Digital forensics facilitates investigations for justice, strengthens cybersecurity for resilient infrastructure, and supports environmental sustainability by analyzing data and investigating environmental crimes. WhatsApp's disappearing messages feature, which enables messages to disappear after a user-defined duration, poses new challenges in digital forensics. Criminals can potentially abuse this feature to eliminate message evidence. This research proposes a novel approach to obtaining digital evidence from WhatsApp's disappearing messages using the NIST SP 800-101r1 method. Six scenarios are simulated: forwarded messages, quoted messages, media messages, offline recipients, call history, and unread messages. Forensic analysis of six scenarios from 11–14 June 2023 reveals that 83.33% of disappeared messages could be recovered from backup files and notification logs, while the rest could not be recovered due to missing backup files.

Original languageEnglish
Pages (from-to)516-524
Number of pages9
JournalEvergreen
Volume11
Issue number1
Publication statusPublished - Mar 2024

Keywords

  • disappearing message
  • forensic analysis
  • NIST SP 800-101r1
  • unrooted Android
  • WhatsApp

Fingerprint

Dive into the research topics of 'Forensic Analysis of WhatsApp Disappearing Message on Unrooted Android Using Mobile Device Forensics Methodology NIST SP 800-101r1'. Together they form a unique fingerprint.

Cite this