Abstract
Digital Evidence is becoming an indispensable factor in most legal cases. However, technological advancements that lead to artifact complexity, are forcing investigators to create sophisticated connections between the findings and the suspects for admissibility of evidence in court. This paper scrutinizes whether IndexedDB, an emerging browser technology, can be a source of digital evidence to provide additional and correlating support for traditional investigation methods. It particularly focuses on the artifacts of the worldwide popular application, WhatsApp. A single case pretest–posttest quasi experiment is applied with WhatsApp Messenger and Web Application to populate and investigate artifacts in IndexedDB storage of Google Chrome. The findings are characterized and presented with their potential to be utilized in forensic investigation verifications. The storage locations of the artifacts are laid out and operations of extraction, conversion and presentation are systematized. Additionally, a proof of concept tool is developed for demonstration. The results show that WhatsApp Web IndexedDB storage can be employed for time frame analysis, demonstrating its value in evidence verification.
Highlights
Digital evidence has been a major contributor to the decision making of many important cases over the past few decades [1]
The results obtained from the quasi-experiment are evaluated for the two hypotheses that are used in this research: the artifact value for forensic investigations and timeline relevance
The records that are observed valuable for forensic investigations are observed to be present in UTF-16 encoded human readable form in the same log files as well
Summary
Digital evidence has been a major contributor to the decision making of many important cases over the past few decades [1]. Signature cases such as the murder trials of Casey Anthony [2] and Christian Aguilar [3], further indicate the strong dependency on digital evidence as the cases’ final decisions were made based on digital evidence. More cases will be dependent on digital evidence. According to W3C specifications, IndexedDB utilizes B-tree structures for efficient database operations. B-trees are data structures that enable efficient manipulation of data in large databases [20]. In our previous study in 2019 [6], we discovered that top websites of the US listed by Alexa [22] have been highly utilizing IndexedDB technology since its full adoption
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
