The advanced analysis of digital traces recoverability of WhatsApp program on MacBook

Abstract

Unquestionably, WhatsApp is one of the most pervasive instant message application programs in contemporary digital era. It could be utilized on mobile smart phones or desktop computing devices including Windows-based personal computers and MacBook with Mac OS X. On account of the tremendous amount of information security incidences occurring concerning the usage of WhatsApp program on a MacBook, this research work constructed several cases to validate the recoverability of digital evidences on the computing device. The recoverability of WhatsApp user ID, username, and the contents of instant message dialogues were discussed based on the physical memory acquisition of the MacBook from digital forensics point of view. In addition, by the inherent characteristics and the executing mechanism of the WhatsApp program, the manufacture and the mode of the smartphone was capable of being disclosed by the digital traces accordingly. All the aforementioned disclosed digital traces could be probative digital evidences in a court of law. Therefore, this research work could be substantively applied and extended to other mushrooming cybercrime investigations regarding instant message incidents in the public sector or the noncompliance of computing resource usages in the private sector. The procedures of physical memory acquisition should be scientifically premeditated and systematically conducted due to the volatility of the physical memory of a computing device with rigorous procedures.