Main Article Content

Abstract

WhatsApp is a multiplatform instant messenger with the most users worldwide by 2013. The popularity of WhatsApp has raised the need of better understanding on how it stores chat archives within the application. This knowledge is useful in term of mobile forensics purposes. In this paper, the latest version of WhatsApp applications in two major platforms, Android and iOS are used in order to explore the file systems and database, to learn where and how the messages and other files are stored, and then to analyze the strength and the weakness of this implementation. The main finding of this research is that WhatsApp uses different file system and database structure in its iOS and Android application. While the database in iOS platform is well structured and makes use of good normalization, the database in Android platform is much simpler and stored as encrypted file within the file system. Furthermore, this research also shows that it is relatively easy to recover all messages history from the database in both platforms; given the Android devices have been rooted but not necessarily jailbreak the iOS devices. Based on this finding, it is possible to develop an application to read WhatsApp database and display it in a more user-friendly format to make forensic activity much easier.

Article Details