Digital Forensic Analysis of WeChat on Android: A Detailed Report
VerifiedAdded on 2020/03/04
|13
|3638
|85
Report
AI Summary
This report presents a comprehensive digital forensic analysis of the WeChat application on Android devices. It covers various aspects of forensic investigation, including the identification of installation paths and data acquisition methods, such as using ADB commands for data extraction from both rooted and unrooted devices. The report details techniques for decrypting the encrypted message database, utilizing IMEI and SQLite, and accessing communication records, including text messages, multimedia files, and timestamps. Furthermore, it examines the analysis of WeChat Moments, including the storage of user-shared content and multimedia files within the SnsMicroMsg.db database. The study also explores the conversion of audio file formats used by WeChat, addressing the .aud format and its relation to AMR and SILK-v3. Overall, the report offers a detailed overview of the processes involved in a digital forensic investigation of WeChat on Android, providing insights into data retrieval and analysis methods, drawing information from multiple sources and articles for a comprehensive understanding.
Running head: DIGITAL FORENSIC ON WECHAT ON ANDROID
Digital Forensic on WeChat on Android
Name of the Student
Name of the University
Digital Forensic on WeChat on Android
Name of the Student
Name of the University
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1DIGITAL FORENSIC ON WECHAT ON ANDROID
Table of Contents
1. Introduction:................................................................................................................................2
2. Development:...............................................................................................................................3
2.1 Installation paths and data acquisition...................................................................................3
2.2 Decrypting the messages database.........................................................................................4
2.3 Communication records.........................................................................................................5
2.4 Moments................................................................................................................................6
2.5 Conversion of Audio File Format:.........................................................................................7
3. Conclusion:..................................................................................................................................9
Reference List:...............................................................................................................................10
Table of Contents
1. Introduction:................................................................................................................................2
2. Development:...............................................................................................................................3
2.1 Installation paths and data acquisition...................................................................................3
2.2 Decrypting the messages database.........................................................................................4
2.3 Communication records.........................................................................................................5
2.4 Moments................................................................................................................................6
2.5 Conversion of Audio File Format:.........................................................................................7
3. Conclusion:..................................................................................................................................9
Reference List:...............................................................................................................................10
2DIGITAL FORENSIC ON WECHAT ON ANDROID
1. Introduction:
The selected topic is forensic analysis of WeChat on Android phones. In the whole world,
WeChat can be considered as one of the most used IM or instant messaging android application.
By 2015, WeChat achieved six-hundred and ninety seven million of users from all over two
hundred countries. The article has presented WeChat forensic through five stages such as
installation path and data acquisition, decrypting the message database, communication of
records, moments and conversion of audio file format. The use of the world wide based
application is being extensively increasing each year. Moreover, various criminals are currently
using the application for illegal activities. The application has two basic functionalities such as
chat and moments. In the chat section, the user communicate with other person and in the
moments section, the user shares the life events.
Wu et al. (2017) has provided various information regarding the forensic of the
application on the android devices and analyzed all those gathered data into bounded parameter.
This study has reviewed all those information that was provided into the journal. Moreover,
critically reviews the process of investigating and data gathering process of the author. For better
understanding of the topic various other journals have been accessed and information gathered
from those articles has also been included into this study. The comparison between the
information provided in the articles can be visualized into the study.
This study includes the information gathered from various articles regarding the forensic
investigation of WeChat. The actual study is based on the data gathered by various articles
during investigation of WeChat on android devices. These investigations are the process of
1. Introduction:
The selected topic is forensic analysis of WeChat on Android phones. In the whole world,
WeChat can be considered as one of the most used IM or instant messaging android application.
By 2015, WeChat achieved six-hundred and ninety seven million of users from all over two
hundred countries. The article has presented WeChat forensic through five stages such as
installation path and data acquisition, decrypting the message database, communication of
records, moments and conversion of audio file format. The use of the world wide based
application is being extensively increasing each year. Moreover, various criminals are currently
using the application for illegal activities. The application has two basic functionalities such as
chat and moments. In the chat section, the user communicate with other person and in the
moments section, the user shares the life events.
Wu et al. (2017) has provided various information regarding the forensic of the
application on the android devices and analyzed all those gathered data into bounded parameter.
This study has reviewed all those information that was provided into the journal. Moreover,
critically reviews the process of investigating and data gathering process of the author. For better
understanding of the topic various other journals have been accessed and information gathered
from those articles has also been included into this study. The comparison between the
information provided in the articles can be visualized into the study.
This study includes the information gathered from various articles regarding the forensic
investigation of WeChat. The actual study is based on the data gathered by various articles
during investigation of WeChat on android devices. These investigations are the process of
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3DIGITAL FORENSIC ON WECHAT ON ANDROID
acquiring data of WeChat and decoding the encrypted database, what was communicated by the
user and whom did he/she communicate and the information shred through the moments.
2. Development:
2.1 Installation paths and data acquisition
For the installation of the Wechat application ann installation path is required to be
specified on the android device and by default the path of the application is set as
“/data/data/com.tencent.mm/” and “/sdcard/Tencent/MicroMsg”. The sub directories are created
in the installation location for storing the chat records and the media files. For storing the
configuration of the application “com.tencent.mm” is used. It acts as the database of the
application and the authentication of the users and cache data are also stored here. The directory
created MicroMsg is used for storing the record of the user and activity in WeChat (Wu et al.,
2017). A unique number is created in WeChat for representing the identity of the user and a
personal data folder is created in the installed location “/data/data/com.tencent.mm/MicroMsg”.
Encryption is applied and the personal folder appears using the MD5 number transformed from
the user unique ID. The user directory is also used for storing the multimedia files under the path
“/sdcard/Tencent/MicroMsg”. The multimedia files can be of different types such as audio,
pictures, gifs, videos, etc (Gao & Zhang, 2013). For each of the user a private encrypted folder is
created using the MD5. Rooting the android device can give access permission for the
“com.tencent.mm” directory and it can be used for getting digital evidence from the android
device. The data can be extracted directly from the rooted android device and exported using the
Android Debug Bridge command (adb). The adb pull command is used for accessing the
directory “/data/data/com.tencent.mm”. In case of the unrooted android devices the data cannot
acquiring data of WeChat and decoding the encrypted database, what was communicated by the
user and whom did he/she communicate and the information shred through the moments.
2. Development:
2.1 Installation paths and data acquisition
For the installation of the Wechat application ann installation path is required to be
specified on the android device and by default the path of the application is set as
“/data/data/com.tencent.mm/” and “/sdcard/Tencent/MicroMsg”. The sub directories are created
in the installation location for storing the chat records and the media files. For storing the
configuration of the application “com.tencent.mm” is used. It acts as the database of the
application and the authentication of the users and cache data are also stored here. The directory
created MicroMsg is used for storing the record of the user and activity in WeChat (Wu et al.,
2017). A unique number is created in WeChat for representing the identity of the user and a
personal data folder is created in the installed location “/data/data/com.tencent.mm/MicroMsg”.
Encryption is applied and the personal folder appears using the MD5 number transformed from
the user unique ID. The user directory is also used for storing the multimedia files under the path
“/sdcard/Tencent/MicroMsg”. The multimedia files can be of different types such as audio,
pictures, gifs, videos, etc (Gao & Zhang, 2013). For each of the user a private encrypted folder is
created using the MD5. Rooting the android device can give access permission for the
“com.tencent.mm” directory and it can be used for getting digital evidence from the android
device. The data can be extracted directly from the rooted android device and exported using the
Android Debug Bridge command (adb). The adb pull command is used for accessing the
directory “/data/data/com.tencent.mm”. In case of the unrooted android devices the data cannot
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4DIGITAL FORENSIC ON WECHAT ON ANDROID
be accessed and using the adb pull command (Zhang, Yu & Ji, 2016). It requires new method
and numerous test is required to be done on the device for getting the data. The version of the
android is also dependent for getting the backup of data of the unrooted android devices. The
unrooted backup method work on the weChat version 6.0 and the backup command is used for
compressing the backup to a .tar.gz file and it can be used for getting the necessary data ythat can
be used for the forensics. For the WeChat verison later than 6.0 it is required to be downgraded
and the adb backup command is used for backing the user data (Choi, Park & Kim, 2017). There
is an possibility of loss of data due to down grading the WeChat to the 6.0 version and thus
necessary test is required to be done on the device. The directory “/sdcard/Tencent/MicroMsg”
can be accessed directly and it does not require any root permission so it can be extracted using
the adb pull command for avoiding the risk of loss of data.
2.2 Decrypting the messages database
The messages sent using the WeChat are encrypted for increasing the security and
EnMicroMsg.db is used for the encryption of the message. The encryption is applied using the
SQLCipher (Yuming, Junren & Kai, 2015). Thus a decryption code is required for decryption of
the message and the decryption code can be used by analyzing the IMEI International Mobile
Equipment Identity code of the android device. The unique Id of the WeChat user profile is as
dec_key = Left7 (Md5 (IMEI + uni)), here the Left 7 is used for extracting the first 7 string of the
Md5 value. The IMEI data is used and extracted from the configuration file
“system_config_prefs.xml” and “CompatibilityInfo.cfg” (Chen & Wang, 2015). The encryption
of the database is done using the SQLite where the database file is divided into small blocks of 4
kb and the cipher text of the files are computed using the AES algorithm. The decryption of the
database is done by using the decryption key and converting the cipher text into plain text.
be accessed and using the adb pull command (Zhang, Yu & Ji, 2016). It requires new method
and numerous test is required to be done on the device for getting the data. The version of the
android is also dependent for getting the backup of data of the unrooted android devices. The
unrooted backup method work on the weChat version 6.0 and the backup command is used for
compressing the backup to a .tar.gz file and it can be used for getting the necessary data ythat can
be used for the forensics. For the WeChat verison later than 6.0 it is required to be downgraded
and the adb backup command is used for backing the user data (Choi, Park & Kim, 2017). There
is an possibility of loss of data due to down grading the WeChat to the 6.0 version and thus
necessary test is required to be done on the device. The directory “/sdcard/Tencent/MicroMsg”
can be accessed directly and it does not require any root permission so it can be extracted using
the adb pull command for avoiding the risk of loss of data.
2.2 Decrypting the messages database
The messages sent using the WeChat are encrypted for increasing the security and
EnMicroMsg.db is used for the encryption of the message. The encryption is applied using the
SQLCipher (Yuming, Junren & Kai, 2015). Thus a decryption code is required for decryption of
the message and the decryption code can be used by analyzing the IMEI International Mobile
Equipment Identity code of the android device. The unique Id of the WeChat user profile is as
dec_key = Left7 (Md5 (IMEI + uni)), here the Left 7 is used for extracting the first 7 string of the
Md5 value. The IMEI data is used and extracted from the configuration file
“system_config_prefs.xml” and “CompatibilityInfo.cfg” (Chen & Wang, 2015). The encryption
of the database is done using the SQLite where the database file is divided into small blocks of 4
kb and the cipher text of the files are computed using the AES algorithm. The decryption of the
database is done by using the decryption key and converting the cipher text into plain text.
5DIGITAL FORENSIC ON WECHAT ON ANDROID
The unique Id is the main element used for the computation of the decryption key and in
case of multiple WeChat account in a same android device the unique ID of the last user is kept
in the system_config_prefs.xml file and the personal folder is required to be accessed and the
unique ID is required to be computed from the name used in the personal folder (Chu, Wang &
Deng, 2016). The folder is names as the name of the dir_name i.e. Md5 (mm + uni) and the value
of the uni is 32 bit length and thus it can be searched for finding the value of the uni. More time
is required for finding the value and it can be about 48 hours and pre computation of the 232
names stored in the directory requires storage space of 100 gb and they are stored in the format
of the balanced binary tree (Zhang, 2016). Scripts can be created in different language for
making the decryption process easier and the files are given as input for getting the desired
output from the file. There are different tools that can be used for finding the IMEI and the
EnMicroMsg.db can be used as the input for decrypting the file and finding the pragam key.
2.3 Communication records
For performing a forensic analysis on the communication records of WeChat all
conversation records are required to be accessed and their time and sender information is also
required to be available to the analyst (Yanni & Junren, 2016). The chat in the WeChat
application often contains images, multimedia informations, emojis, voice record and chat
messages. The conversation records of te user is stored in the message table of the database
created in EnMicroMsg.db. There are different storage scheme and for recording the message
and different fields are created for storing different types of messages (Lee & Chung, 2015). The
normal text conversations are stored in the database with a field labelled contents and for the
multimedia contents such as audio, images and videos local storage is used. The multimedia files
can be accessed directly by analyzing the encoded strings and for example if “isSend” is encoded
The unique Id is the main element used for the computation of the decryption key and in
case of multiple WeChat account in a same android device the unique ID of the last user is kept
in the system_config_prefs.xml file and the personal folder is required to be accessed and the
unique ID is required to be computed from the name used in the personal folder (Chu, Wang &
Deng, 2016). The folder is names as the name of the dir_name i.e. Md5 (mm + uni) and the value
of the uni is 32 bit length and thus it can be searched for finding the value of the uni. More time
is required for finding the value and it can be about 48 hours and pre computation of the 232
names stored in the directory requires storage space of 100 gb and they are stored in the format
of the balanced binary tree (Zhang, 2016). Scripts can be created in different language for
making the decryption process easier and the files are given as input for getting the desired
output from the file. There are different tools that can be used for finding the IMEI and the
EnMicroMsg.db can be used as the input for decrypting the file and finding the pragam key.
2.3 Communication records
For performing a forensic analysis on the communication records of WeChat all
conversation records are required to be accessed and their time and sender information is also
required to be available to the analyst (Yanni & Junren, 2016). The chat in the WeChat
application often contains images, multimedia informations, emojis, voice record and chat
messages. The conversation records of te user is stored in the message table of the database
created in EnMicroMsg.db. There are different storage scheme and for recording the message
and different fields are created for storing different types of messages (Lee & Chung, 2015). The
normal text conversations are stored in the database with a field labelled contents and for the
multimedia contents such as audio, images and videos local storage is used. The multimedia files
can be accessed directly by analyzing the encoded strings and for example if “isSend” is encoded
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6DIGITAL FORENSIC ON WECHAT ON ANDROID
as 1 the message was sent to the recipient by the sender or it was sent by the talker. The complete
recovery of the chat message is important for understanding the whole scenario and better
understand the meaning of the communication (Sun & Qin, 2014). The detailed process for
recovering the multimedia file is to find the encoded string
“THUMB_DIRPATH://th_dbb5e4622e87f85226c8da6893698fc0”. Let S1represent the header
string “THUMB_DIRPATH://th_”. The pathof this image is computed as follows:
File_path = <uDir> + “/image2/” +substr(S1,2,3) + “/” + substr(S1,6,7) +”/th_” + S1,
Here, uDir = “/sdcard/Tencent/MicroMsg/<uDir>” and substr(S, start,end) is used for
returning a string at the beginning of the start index and running at the end of the index.
For the audio files it can be fetched by calculating the Md5 value of the encoding string
which is stored in the image path and for the video files it can be get directly in the video folder
and .mp4 format is used for storage of the video files (Dai et al., 2017). Different methods are
analyzed for retrieving the audio, video and the messages and it has been found that are are
different forensic tools available that can be used for retrieval of the messages successfully with
the timestamp. A data table can be created for analyzing the chat history and proceeding with
the forensic analysis.
2.4 Moments
The moments in the WeChat are used by the users for sharing their life events and
achieves with the friends and the contacts in the WeChat list. The user can share their moments
with attaching multimedia files and the messages are stored in the database SnsMicroMsg.db
(Shang, 2016). In the database two tables are created for storing the comments and the other
information separately. The SnsInfo table is used for the Moment messages and it contains the
as 1 the message was sent to the recipient by the sender or it was sent by the talker. The complete
recovery of the chat message is important for understanding the whole scenario and better
understand the meaning of the communication (Sun & Qin, 2014). The detailed process for
recovering the multimedia file is to find the encoded string
“THUMB_DIRPATH://th_dbb5e4622e87f85226c8da6893698fc0”. Let S1represent the header
string “THUMB_DIRPATH://th_”. The pathof this image is computed as follows:
File_path = <uDir> + “/image2/” +substr(S1,2,3) + “/” + substr(S1,6,7) +”/th_” + S1,
Here, uDir = “/sdcard/Tencent/MicroMsg/<uDir>” and substr(S, start,end) is used for
returning a string at the beginning of the start index and running at the end of the index.
For the audio files it can be fetched by calculating the Md5 value of the encoding string
which is stored in the image path and for the video files it can be get directly in the video folder
and .mp4 format is used for storage of the video files (Dai et al., 2017). Different methods are
analyzed for retrieving the audio, video and the messages and it has been found that are are
different forensic tools available that can be used for retrieval of the messages successfully with
the timestamp. A data table can be created for analyzing the chat history and proceeding with
the forensic analysis.
2.4 Moments
The moments in the WeChat are used by the users for sharing their life events and
achieves with the friends and the contacts in the WeChat list. The user can share their moments
with attaching multimedia files and the messages are stored in the database SnsMicroMsg.db
(Shang, 2016). In the database two tables are created for storing the comments and the other
information separately. The SnsInfo table is used for the Moment messages and it contains the
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7DIGITAL FORENSIC ON WECHAT ON ANDROID
text multimedia files such as images and videos and different links (Lien & Cao,2014). The
SnsComment table is used for including the sharing message and comments associated with the
post in the database. The major focus on the data is given on the username, cretedTime and the
content. The field username is used for identification of the owner of the message and content is
used for recording the data of sharing message that is stored as a BLOB (binary large object).
The data residing in the content field is used for storing multiple data segments following the
TLD structure (Azfar, Choo, & Liu, 2016). The first byte is used for identification of the type of
the data content, the second byte is used for indication of the length of the data and the third part
is used for storage of the data contents. The details of the format in the content field of the
WeChat Moments can be analyzed using the BLOB data. The key elements used for the content
field are depicted as msg Owner, msgResID, msgContent, msgImagePath2 and msgImagePath
and they are stored in the TLD structure of the database (Zhou et al., 2015). The msgOwner
contains the user who sents the text or message, msgResID contains the identity of the
multimedia resources and it is 20 bytes in length, msgContent contains the text used in the
moment message, msgImagePath2 contains the thumbnail or the path of the image and the
msgImagePath2 is used for storing the image source URL of the image shared in the moments.
For the extraction of the multimedia files from the WeChat server Moments are required to be
explored and is required to be extracted from the cache memory of the device.
2.5 Conversion of Audio File Format:
The audio file format extension of the WeChat application is of “.aud” format which is
modified format of the AMR and SILK-v3. These formats are standard audio file format. In
order to encode and store audio file format, the earlier version of the application used AMR
format. Therefore, through the usage of the FFmpeg package (it is a type of decoder that WeChat
text multimedia files such as images and videos and different links (Lien & Cao,2014). The
SnsComment table is used for including the sharing message and comments associated with the
post in the database. The major focus on the data is given on the username, cretedTime and the
content. The field username is used for identification of the owner of the message and content is
used for recording the data of sharing message that is stored as a BLOB (binary large object).
The data residing in the content field is used for storing multiple data segments following the
TLD structure (Azfar, Choo, & Liu, 2016). The first byte is used for identification of the type of
the data content, the second byte is used for indication of the length of the data and the third part
is used for storage of the data contents. The details of the format in the content field of the
WeChat Moments can be analyzed using the BLOB data. The key elements used for the content
field are depicted as msg Owner, msgResID, msgContent, msgImagePath2 and msgImagePath
and they are stored in the TLD structure of the database (Zhou et al., 2015). The msgOwner
contains the user who sents the text or message, msgResID contains the identity of the
multimedia resources and it is 20 bytes in length, msgContent contains the text used in the
moment message, msgImagePath2 contains the thumbnail or the path of the image and the
msgImagePath2 is used for storing the image source URL of the image shared in the moments.
For the extraction of the multimedia files from the WeChat server Moments are required to be
explored and is required to be extracted from the cache memory of the device.
2.5 Conversion of Audio File Format:
The audio file format extension of the WeChat application is of “.aud” format which is
modified format of the AMR and SILK-v3. These formats are standard audio file format. In
order to encode and store audio file format, the earlier version of the application used AMR
format. Therefore, through the usage of the FFmpeg package (it is a type of decoder that WeChat
8DIGITAL FORENSIC ON WECHAT ON ANDROID
uses) through including “#!AMR” as the file header, the audio files (AMR and .aud format) is
decoded and played.
Gao and Zhang (2013) has used the approach of investing an android application through
volatile and non-volatile memory data acquisition and analysis. The application that the author
investigated is Whatsapp which is also a application like WeChat for the android devices. The
application uses SQLite database for storing the audio files. However, the location of the data
and storage differentiate on the basis of device usage. Wu et al. (2017) has failed to state which
database WeChat particularly uses for storing the audio files. Though the author has included the
database that WeChat currently uses in its most recent version which are EnMicroMsg.db,
SnsMicroMsg.db ad many more.
As opined by Gao and Zhang (2013), in the IPhone, the subfolders which are named as
MD5 hash under the folder named “Audio” records the voice message. There is also a
MesServerID folder that stores the name of the audio files such as the MD5 folder. This is the
eminence free (RF) SILK wideband sound encoding design gave by Skype. Keeping in mind the
end goal to unravel and play the voice message with basic mixed media players amid crime
scene investigation, the encoding configuration of sound records must be changed over. A
SILK_v3 sound document could be changed over to a PCM sound record utilizing the Opus
voice coder11 with the testing rate set at 48 kHz. Since PCM sound is comparative toWAV
sound, the PCM sound document can be decoded and played by regular sound players by
including a WAV record header. The WeChat application on the IPhone device also uses
the .aud format for the audio file extension.
uses) through including “#!AMR” as the file header, the audio files (AMR and .aud format) is
decoded and played.
Gao and Zhang (2013) has used the approach of investing an android application through
volatile and non-volatile memory data acquisition and analysis. The application that the author
investigated is Whatsapp which is also a application like WeChat for the android devices. The
application uses SQLite database for storing the audio files. However, the location of the data
and storage differentiate on the basis of device usage. Wu et al. (2017) has failed to state which
database WeChat particularly uses for storing the audio files. Though the author has included the
database that WeChat currently uses in its most recent version which are EnMicroMsg.db,
SnsMicroMsg.db ad many more.
As opined by Gao and Zhang (2013), in the IPhone, the subfolders which are named as
MD5 hash under the folder named “Audio” records the voice message. There is also a
MesServerID folder that stores the name of the audio files such as the MD5 folder. This is the
eminence free (RF) SILK wideband sound encoding design gave by Skype. Keeping in mind the
end goal to unravel and play the voice message with basic mixed media players amid crime
scene investigation, the encoding configuration of sound records must be changed over. A
SILK_v3 sound document could be changed over to a PCM sound record utilizing the Opus
voice coder11 with the testing rate set at 48 kHz. Since PCM sound is comparative toWAV
sound, the PCM sound document can be decoded and played by regular sound players by
including a WAV record header. The WeChat application on the IPhone device also uses
the .aud format for the audio file extension.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9DIGITAL FORENSIC ON WECHAT ON ANDROID
From the above discussion it has been clear that the use of the audio files in the WeChat
on android device is used effectively and efficiently. The name tag stored in the MesServerID
folder is used for better search of the files from the database.
3. Conclusion:
Through creating the above study, it has been understood that the digital forensic
investigation is a critical and in-depth analysis of a digital application. An application that is
installed in various mobile platforms such as windows, android and IPphoe, uses almost same
kind of technology. However, the application may differ in internal functionalities due to the
technicalities and features of the operating system. Forensic investigations can be done on the
basis of the various factors such as memory, functions, features and many more. The internal
functions of the applications of android vary due to the application efficiency mainly.
There are still various factors that the author could have included into the article such as
investigation through the storage factors. This thing can be done through two ways. The first way
is to investigating through memory type and another is storage locations.
The value that has been found through the study is that gathering data from various
articles is an essential and valuable task. It is because, this allows to gather adequate amount of
data and provides the opportunity to verify data gathered from the sources.
From the above discussion it has been clear that the use of the audio files in the WeChat
on android device is used effectively and efficiently. The name tag stored in the MesServerID
folder is used for better search of the files from the database.
3. Conclusion:
Through creating the above study, it has been understood that the digital forensic
investigation is a critical and in-depth analysis of a digital application. An application that is
installed in various mobile platforms such as windows, android and IPphoe, uses almost same
kind of technology. However, the application may differ in internal functionalities due to the
technicalities and features of the operating system. Forensic investigations can be done on the
basis of the various factors such as memory, functions, features and many more. The internal
functions of the applications of android vary due to the application efficiency mainly.
There are still various factors that the author could have included into the article such as
investigation through the storage factors. This thing can be done through two ways. The first way
is to investigating through memory type and another is storage locations.
The value that has been found through the study is that gathering data from various
articles is an essential and valuable task. It is because, this allows to gather adequate amount of
data and provides the opportunity to verify data gathered from the sources.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10DIGITAL FORENSIC ON WECHAT ON ANDROID
Reference List:
Azfar, A., Choo, K. K. R., & Liu, L. (2016, January). An android social app forensics adversary
model. In System Sciences (HICSS), 2016 49th Hawaii International Conference on (pp. 5597-
5606). IEEE.
Chen, L., & Wang, Y. Q. (2015). Forensic Analysis towards the user behavior of Sina microblog.
Choi, J., Park, J., & Kim, H. (2017, February). Forensic analysis of the backup database file in
KakaoTalk messenger. In Big Data and Smart Computing (BigComp), 2017 IEEE International
Conference on (pp. 156-161). IEEE.
Chu, H. C., Wang, G. G., & Deng, D. J. (2016). The social networking investigation of metadata
of forensic artifacts of a typical WeChat session under Windows. Security and Communication
Networks, 9(18), 5698-5709.
Dai, Z., Chua, T. W., Balakrishnan, D. K., & Thing, V. L. (2017). Chat-App Decryption Key
Extraction Through Information Flow Analysis.
Gao, F., & Zhang, Y. (2013). Analysis of WeChat on iPhone. In 2nd International Symposium on
Computer, Communication, Control, and Automation (3CA) (pp. 278-281).
Gao, F., & Zhang, Y. (2013). Analysis of WeChat on iPhone. In 2nd International Symposium on
Computer, Communication, Control, and Automation (3CA) (pp. 278-281).
Gao, F., & Zhang, Y. (2013, December). Analysis of WeChat on iPhone. In 2nd International
Symposium on Computer, Communication, Control, and Automation (3CA) (pp. 278-281).
Reference List:
Azfar, A., Choo, K. K. R., & Liu, L. (2016, January). An android social app forensics adversary
model. In System Sciences (HICSS), 2016 49th Hawaii International Conference on (pp. 5597-
5606). IEEE.
Chen, L., & Wang, Y. Q. (2015). Forensic Analysis towards the user behavior of Sina microblog.
Choi, J., Park, J., & Kim, H. (2017, February). Forensic analysis of the backup database file in
KakaoTalk messenger. In Big Data and Smart Computing (BigComp), 2017 IEEE International
Conference on (pp. 156-161). IEEE.
Chu, H. C., Wang, G. G., & Deng, D. J. (2016). The social networking investigation of metadata
of forensic artifacts of a typical WeChat session under Windows. Security and Communication
Networks, 9(18), 5698-5709.
Dai, Z., Chua, T. W., Balakrishnan, D. K., & Thing, V. L. (2017). Chat-App Decryption Key
Extraction Through Information Flow Analysis.
Gao, F., & Zhang, Y. (2013). Analysis of WeChat on iPhone. In 2nd International Symposium on
Computer, Communication, Control, and Automation (3CA) (pp. 278-281).
Gao, F., & Zhang, Y. (2013). Analysis of WeChat on iPhone. In 2nd International Symposium on
Computer, Communication, Control, and Automation (3CA) (pp. 278-281).
Gao, F., & Zhang, Y. (2013, December). Analysis of WeChat on iPhone. In 2nd International
Symposium on Computer, Communication, Control, and Automation (3CA) (pp. 278-281).
11DIGITAL FORENSIC ON WECHAT ON ANDROID
Lee, C., & Chung, M. (2015). Digital Forensic Analysis on Window8 Style UI Instant Messenger
Applications. In Computer Science and its Applications (pp. 1037-1042). Springer, Berlin,
Heidelberg.
Lien, C. H., & Cao, Y. (2014). Examining WeChat users’ motivations, trust, attitudes, and
positive word-of-mouth: Evidence from China. Computers in Human Behavior, 41, 104-111.
Shang, W. (2016). Construction and Application of WeChat Learning Platform in" Folk
Literature" Teaching. International Journal of Emerging Technologies in Learning, 11(5).
Sun, W., & Qin, X. (2014, October). End-to-end delay analysis of wechat video call service in
live dc-hspa+ network. In Wireless Communications and Signal Processing (WCSP), 2014 Sixth
International Conference on (pp. 1-5). IEEE.
Wu, S., Zhang, Y., Wang, X., Xiong, X., & Du, L. (2017). Forensic analysis of WeChat on
Android smartphones. Digital Investigation, 21, 3-10.
Wu, S., Zhang, Y., Wang, X., Xiong, X., & Du, L. (2017). Forensic analysis of WeChat on
Android smartphones. Digital Investigation, 21, 3-10.
Yanni, Y., & Junren, M. (2016). The Survey and Analysis about the Construction of Mobile
Micro-Service of Academic Library. Library Work and Study, 11, 014.
Yuming, Z., Junren, M., & Kai, G. (2015). An Analysis of Application and Current Situation of
We Chat about the Project 211 University Libraries. Research on Library Science, 15, 004.
Zhang, L., Yu, F., & Ji, Q. (2016, July). The Forensic Analysis of WeChat Message. In
Instrumentation & Measurement, Computer, Communication and Control (IMCCC), 2016 Sixth
International Conference on (pp. 500-503). IEEE.
Lee, C., & Chung, M. (2015). Digital Forensic Analysis on Window8 Style UI Instant Messenger
Applications. In Computer Science and its Applications (pp. 1037-1042). Springer, Berlin,
Heidelberg.
Lien, C. H., & Cao, Y. (2014). Examining WeChat users’ motivations, trust, attitudes, and
positive word-of-mouth: Evidence from China. Computers in Human Behavior, 41, 104-111.
Shang, W. (2016). Construction and Application of WeChat Learning Platform in" Folk
Literature" Teaching. International Journal of Emerging Technologies in Learning, 11(5).
Sun, W., & Qin, X. (2014, October). End-to-end delay analysis of wechat video call service in
live dc-hspa+ network. In Wireless Communications and Signal Processing (WCSP), 2014 Sixth
International Conference on (pp. 1-5). IEEE.
Wu, S., Zhang, Y., Wang, X., Xiong, X., & Du, L. (2017). Forensic analysis of WeChat on
Android smartphones. Digital Investigation, 21, 3-10.
Wu, S., Zhang, Y., Wang, X., Xiong, X., & Du, L. (2017). Forensic analysis of WeChat on
Android smartphones. Digital Investigation, 21, 3-10.
Yanni, Y., & Junren, M. (2016). The Survey and Analysis about the Construction of Mobile
Micro-Service of Academic Library. Library Work and Study, 11, 014.
Yuming, Z., Junren, M., & Kai, G. (2015). An Analysis of Application and Current Situation of
We Chat about the Project 211 University Libraries. Research on Library Science, 15, 004.
Zhang, L., Yu, F., & Ji, Q. (2016, July). The Forensic Analysis of WeChat Message. In
Instrumentation & Measurement, Computer, Communication and Control (IMCCC), 2016 Sixth
International Conference on (pp. 500-503). IEEE.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 13
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.