Analysis of Autopsy Mobile Forensic Tools against Unsent Messages on WhatsApp Messaging Application

This paper discusses the new feature that is implemented in most social media messaging applications: the unsent feature, where the sender can delete the message he sent both in the sender and the recipient devices. This new feature poses a new challenge in mobile forensic, as it could potentially delete sent messages that can be used as evidence without the means to retrieves it. This paper aims to analyze how well the Autopsy open-source mobile forensics tools in extracting and identifying the deleted messages, both that are sent or received. The device used in this paper is a Redmi Xiaomi Note 4, which has its userdata block extracted using linux command, and the application we're using is WhatsApp. Autopsy will analyze the extracted image and see what information can be extracted from the unsent messages. From the result of our experiment, Autopsy is capable of obtaining substantial information, but due to how each vendor and mobile OS store files and databases differently, only WhatsApp data can be extracted from the device. And based on the WhatsApp data analysis, Autopsy is not capable of retrieving the deleted messages. However it can detect the deleted data that is sent from the device. And using sqlite3 database browser, the author can find remnants of received deleted messages from the extracted files by Autopsy

Framework Design for the Retrieval of Instant Messaging in Social Media as Electronic Evidence

The rapid growth of social media features not only brings many advantages but also causes problems. Mainly related to digital evidence when cybercrime occurs. One of the social media features that are currently popular is the unsend message feature in instant messaging applications such as Instagram, Whatsapp, Facebook Messenger, Skype, Viber, and Telegram. In the case of cybercrime, the perpetrator can delete the messages and erase digital evidence, making it difficult to trace. Those artifact messages might be useful for law enforcement or forensic investigators to be used as digital evidence in court. Therefore, an effective and efficient framework is needed in the mobile forensic investigation process to guarantee the integrity of the data obtained. This paper will discuss the review of several international standards on mobile forensics, namely NIST SP 800-101, ISO/ IEC, and SWGDE. This paper also proposes a framework design to retrieve unsend data artifacts on social media according to official and widely used international mobile forensic standards