Analysis of Autopsy Mobile Forensic Tools against Unsent Messages on WhatsApp Messaging Application

Fahdiaz Alief, Yohan Suryanto, Linda Rosselina, Tofan Hermawan

Abstract


This paper discusses the new feature that is implemented in most social media messaging applications: the unsent feature, where the sender can delete the message he sent both in the sender and the recipient devices. This new feature poses a new challenge in mobile forensic, as it could potentially delete sent messages that can be used as evidence without the means to retrieves it. This paper aims to analyze how well the Autopsy open-source mobile forensics tools in extracting and identifying the deleted messages, both that are sent or received. The device used in this paper is a Redmi Xiaomi Note 4, which has its userdata block extracted using linux command, and the application we're using is WhatsApp. Autopsy will analyze the extracted image and see what information can be extracted from the unsent messages. From the result of our experiment, Autopsy is capable of obtaining substantial information, but due to how each vendor and mobile OS store files and databases differently, only WhatsApp data can be extracted from the device. And based on the WhatsApp data analysis, Autopsy is not capable of retrieving the deleted messages. However it can detect the deleted data that is sent from the device. And using sqlite3 database browser, the author can find remnants of received deleted messages from the extracted files by Autopsy.

Keywords


Mobile forensic; Whatsapp; Unsent feature; Autopsy

Full Text: PDF

Refbacks

  • There are currently no refbacks.