The Forensic Analysis of WeChat Message
暂无分享,去创建一个
WeChat is a popular instant messaging application on Android, iPhone and BlackBerry smart phones, whose chat messages are all stored in local installation folder. This paper studied the data forensic techniques of WeChat messages including the identification of storage location, storage structure and information extraction methods. Since the text message is stored in encrypted SQLite database, we detailedly analyze its cryptographic algorithm, key derivation principle and present the corresponding database decryption process in different practical forensic circumstances. In addition, we exploit the data recovery of voice and deleted messages which would also be helpful in data forensic for criminal investigation.
[1] Mike Owens. The Definitive Guide to SQLite (Definitive Guide) , 2006 .
[2] William Bradley Glisson,et al. Investigating the Increase in Mobile Phone Evidence in Criminal Activities , 2013, 2013 46th Hawaii International Conference on System Sciences.
[3] Sheila Frankel,et al. The AES-CBC Cipher Algorithm and Its Use with IPsec , 2003, RFC.
[4] Burton S. Kaliski,et al. PKCS #5: Password-Based Cryptography Specification Version 2.0 , 2000, RFC.