Forensic Analysis of Secure Ephemeral Messaging Applications on Android Platforms

  • Conference paper
Global Security, Safety and Sustainability - The Security Challenges of the Connected World (ICGS3 2017)

Abstract

Secure messaging applications have been used for the purposes of major crime, creating the need for forensic research into the area. This paper forensically analyses two secure messaging applications, Wickr and Telegram, to recover artefacts from each and then to compare them to reveal the differences between the applications. The artefacts were created on Android platforms by using the secure features of the applications, such as ephemeral messaging, the channel function and encrypted conversations. The results of the experiments documented in this paper give insight into how both Wickr and Telegram organise their data structures, and explore mobile digital forensics techniques for recovering artefacts removed by the ephemeral functions.

Author information

Corresponding author

Correspondence to M. A. Hannan Bin Azhar.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Azhar, M.A.H.B., Barton, T.E.A. (2016). Forensic Analysis of Secure Ephemeral Messaging Applications on Android Platforms. In: Jahankhani, H., et al. Global Security, Safety and Sustainability - The Security Challenges of the Connected World. ICGS3 2017. Communications in Computer and Information Science, vol 630. Springer, Cham. https://doi.org/10.1007/978-3-319-51064-4_3

  • DOI: https://doi.org/10.1007/978-3-319-51064-4_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-51063-7

  • Online ISBN: 978-3-319-51064-4

  • eBook Packages: Computer Science (R0)
