Main Article Content
Abstract
WhatsApp is a multiplatform instant messenger with the most users worldwide by 2013. The popularity of WhatsApp has raised the need of better understanding on how it stores chat archives within the application. This knowledge is useful in term of mobile forensics purposes. In this paper, the latest version of WhatsApp applications in two major platforms, Android and iOS are used in order to explore the file systems and database, to learn where and how the messages and other files are stored, and then to analyze the strength and the weakness of this implementation. The main finding of this research is that WhatsApp uses different file system and database structure in its iOS and Android application. While the database in iOS platform is well structured and makes use of good normalization, the database in Android platform is much simpler and stored as encrypted file within the file system. Furthermore, this research also shows that it is relatively easy to recover all messages history from the database in both platforms; given the Android devices have been rooted but not necessarily jailbreak the iOS devices. Based on this finding, it is possible to develop an application to read WhatsApp database and display it in a more user-friendly format to make forensic activity much easier.
Article Details
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).