Date of Award
Spring 2015
Degree Type
Thesis
Degree Name
Master of Science (MS)
Department
Computer and Information Technology
First Advisor
Marcus Rogers
Second Advisor
Eric Matson
Third Advisor
Baijian Yang
Committee Chair
Marcus Rogers
Committee Co-Chair
Eric Matson
Committee Member 1
Baijian Yang
Abstract
Instant messaging (IM) applications on smartphones are used across the globe for various modes of communication. They gained popularity mainly due to their cross-platform compatibility and minimal or no additional cost. This popularity is also reflected in their use in criminal activities such as threats, hate speech, and bullying. Very few publications exist in the mobile forensics domain on the analysis of IM applications on Android phones without gaining root access. Since every IM application follows its own communication protocol, there is significant diversity in the information that could be stored by IM applications on Android phones. It is therefore important to know which artifacts related to IM applications can be retrieved reliably by tools. In this work, a known set of data was populated on an Android phone using the WeChat application. The test phone was logically imaged with the Android Debug Bridge (ADB) and Mobile Phone Examiner Plus (MPE+) logical tools. The validity and reliability of the test results produced by the logical tools were checked by extracting a logical image ten times with each tool. In every extraction, validity was checked by comparing the extracted set of artifacts with the known populated set of artifacts. The reliability of each tool was checked by comparing the extracted file names and their hash values from each extraction with the sets of data from the other extractions. Of the two tested tools, ADB recovered all the shared media and downloaded document files with time stamps. Shared media files include sent and received images, videos, audio, stickers, and downloaded images and videos. Additionally, profile pictures of the user and participants were also found
Recommended Citation
Silla, Chandrika, "WeChat forensic artifacts: Android phone extraction and analysis" (2015). Open Access Theses. 615.
https://docs.lib.purdue.edu/open_access_theses/615