Abstract
Secure messaging applications have been used for major crime, creating the need for forensic research into the area. This paper forensically analyses two secure messaging applications, Wickr and Telegram, recovering artefacts from each and then comparing them to reveal the differences between the applications. The artefacts were created on Android platforms by using the secure features of the applications, such as ephemeral messaging, the channel function and encrypted conversations. The results of the experiments documented in this paper give insight into how both Wickr and Telegram organise their data structures, and explore mobile digital forensics techniques for recovering artefacts removed by the ephemeral functions.
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Azhar, M.A.H.B., Barton, T.E.A. (2016). Forensic Analysis of Secure Ephemeral Messaging Applications on Android Platforms. In: Jahankhani, H., et al. Global Security, Safety and Sustainability - The Security Challenges of the Connected World. ICGS3 2017. Communications in Computer and Information Science, vol 630. Springer, Cham. https://doi.org/10.1007/978-3-319-51064-4_3
DOI: https://doi.org/10.1007/978-3-319-51064-4_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-51063-7
Online ISBN: 978-3-319-51064-4
eBook Packages: Computer Science, Computer Science (R0)