Forensic analysis of instant messaging apps: Decrypting Wickr and private text messaging data

Abstract

Currently, obtaining digital evidence from instant messaging (IM) apps is being considered. IM apps store personal user data, e.g., user information, chat messages, and multimedia files, most IM apps protect the stored data using secure cryptographic algorithms such that only an authorized person can access the app data. Accordingly, it is important to develop a decryption method for IM app data for digital forensic investigations. In this paper, we present how the database and main files of IM apps are stored and encrypted, as well as how the apps verify passwords. We also present a decryption methodology for the databases and multimedia files of two IM apps, i.e., Wickr and Private Text Messaging, which provide various secure communications, e.g., text messages and multimedia files. The decrypted data of these IM apps was verified in simulations.