Forensic Analysis of Android-based Instant Messaging Application

Abstract

The rapid development of Android technology has an impact on the increasing number of devices that use Android as operating system. Applications developed for the Android platform are also very diverse, including instant messaging applications. Short Message Service, Blackberry Messenger, Line, and WhatsApp are multi-platform instant messaging applications with lots of users, so the possibility of digital crime that occurs by digital crime perpetrators has also increased significantly. The process of investigating digital crime cases require digital evidence to solve it. The process of obtaining digital evidence requires a forensic investigation technique against the physical evidence that has been obtained using certain methods. This research focuses on forensic steps to obtain digital evidence from Instant Messaging application on Android smartphones and smartwatches using widely used mobile forensic software, namely, Andriller, Oxygen Forensic Suite, WhatsApp DB / Key Extractor, and Metasploit using a framework developed by the National Institute of Standard Technology (NIST). The results of this research are presented in the form of a comparison table of artifact extraction success rate from each tool. The conclusions obtained from this research are: forensic measures carried out based on the NIST Mobile Forensics framework can be applied to the digital evidence retrieval process Instant Messaging applications on smartphones and Android smartwatches with Oxygen Forensic Suite has the highest successful rate at 57.14% on BBM and WhatsApp artifact extraction and 42.85 on Smartwatch’s SMS and LINE Messenger artifact extraction. WhatsApp DB/ Key Extractor has the highest successful rate at 42.85 on Smartphone’s WhatsApp artifact extraction but has weakness in Smartwatch’s SMS, BBM, and LINE Messenger artifact extraction and Metasploit has the lowest success ratio.