Upload File

whatsapp forensics: locating artifacts on web …whatsapp forensics: locating artifacts on web...

  • Home
  • Documents
  • WHATSAPP FORENSICS: LOCATING ARTIFACTS ON WEB …WHATSAPP FORENSICS: LOCATING ARTIFACTS ON WEB CLIENTS AND STANDALONE DESKTOP APPLICATIONS Nicolás Villacís Vukadinović, Dr. Kathryn
1
WHATSAPP FORENSICS: LOCATING ARTIFACTS ON WEB CLIENTS AND STANDALONE DESKTOP APPLICATIONS Nicolás Villacís Vukadinović, Dr. Kathryn Seigfried-Spellar, Dr. Marcus Rogers & Dr. Umit Karabiyik Computer and Information Technology Cyber Forensics Laboratory Facts Most popular instant messaging application worldwide 1.5 billion monthly active users (July 2018) Used in over 180 countries Findings: WhatsApp log file, main source of artifacts Cached profile pictures Application run count/time/date URL visit count/time/date Overall, Chrome/Firefox web clients log the most information WhatsApp web client user interface Study flowchart Category Artifact action,presence,[available/unavailable] action,chatstate,[composing/paused/recording] action,message,[image/video/chat/vcard/document/ptt] action,msgs,delete action,block,true,18125730324 action,battery,84,false action,group,create action,set_pic,17653278892@c action,pushname action,status,set action,chat,read,{"fromMe":false,"remote":18125730324@c. us…} action,status,read,{"fromMe":false,"remote":"s&ð>@broadca st","id":"C259586486C33C79E0482B1F346C9D98…}" Media:sendToChat chat [email protected] Media:sendToChat chat [email protected] action,msg,relay,[chat,image,video],[email protected],176 [email protected] action,msg,relay,image,status@broadcast,[email protected] s,false_status@broadcast_FCECD863D949D0AAD2DFE72 60AD9DC4B,[email protected]" profilePic:cache-save: profile_pic_thumb AppUpdate:update current: 0.3.2041 latest: 0.3.2041 webcPhoneOsBuildNumber = PQ1A.181205.002.A1 webcPhoneOsVersion = 9 webcPhoneAppVersion = 2.19.17 webcPhoneDeviceManufacturer = Google webcPhoneDeviceModel = marlin webcPhoneCharging = false Browser user agent userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.81 Safari/537.36 Timestamps/ actions Mobile device information Note. All timestamps/actions begin with a date and time (i.e., YYYY-MM- DD HH:MM:SS.MS). WhatsApp log file artifacts

Upload: others

Post on 25-Apr-2021

24 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: WHATSAPP FORENSICS: LOCATING ARTIFACTS ON WEB …WHATSAPP FORENSICS: LOCATING ARTIFACTS ON WEB CLIENTS AND STANDALONE DESKTOP APPLICATIONS Nicolás Villacís Vukadinović, Dr. Kathryn

WHATSAPP FORENSICS: LOCATING ARTIFACTS ON WEB CLIENTS AND STANDALONE DESKTOP APPLICATIONS

Nicolás Villacís Vukadinović, Dr. Kathryn Seigfried-Spellar, Dr. Marcus Rogers & Dr. Umit Karabiyik Computer and Information Technology

Cyber Forensics Laboratory

Facts

• Most popular instant messaging application worldwide

• 1.5 billion monthly active users (July 2018)

• Used in over 180 countries

Findings:• WhatsApp log file, main source of artifacts• Cached profile pictures• Application run count/time/date• URL visit count/time/date• Overall, Chrome/Firefox web clients log

the most information

WhatsApp web client user interface

Study flowchart

Category Artifact

action,presence,[available/unavailable]

action,chatstate,[composing/paused/recording]

action,message,[image/video/chat/vcard/document/ptt]

action,msgs,delete

action,block,true,18125730324

action,battery,84,false

action,group,create

action,set_pic,17653278892@c

action,pushname

action,status,set

action,chat,read,{"fromMe":false,"remote":18125730324@c.

us…}

action,status,read,{"fromMe":false,"remote":"s&ð>@broadca

st","id":"C259586486C33C79E0482B1F346C9D98…}"

Media:sendToChat chat [email protected]

Media:sendToChat chat [email protected]

action,msg,relay,[chat,image,video],[email protected],176

[email protected]

action,msg,relay,image,status@broadcast,[email protected]

s,false_status@broadcast_FCECD863D949D0AAD2DFE72

60AD9DC4B,[email protected]"

profilePic:cache-save: profile_pic_thumb

AppUpdate:update current: 0.3.2041 latest: 0.3.2041

webcPhoneOsBuildNumber = PQ1A.181205.002.A1

webcPhoneOsVersion = 9

webcPhoneAppVersion = 2.19.17

webcPhoneDeviceManufacturer = Google

webcPhoneDeviceModel = marlin

webcPhoneCharging = false

Browser user

agent

userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)

AppleWebKit/537.36 (KHTML, like Gecko)

Chrome/72.0.3626.81 Safari/537.36

Timestamps/

actions

Mobile

device

information

Note. All timestamps/actions begin with a date and time (i.e., YYYY-MM-

DD HH:MM:SS.MS).

WhatsApp log file artifacts

mfocosi
Typewritten Text
mfocosi
Typewritten Text
mfocosi
Typewritten Text
mfocosi
Typewritten Text
mfocosi
Typewritten Text
2019 - AIP - B85-C09 - WhatsApp Forensics: Locating Artifacts on Web Clients and Standalone Desktop Applications - Nicolás Villacís Vukadinović

Whatsapp survery report

Enciclopedia whatsapp

Whats App Forensics: Decryption of Encrypted WhatsApp ... · PDF fileKeywords: WhatsApp analysis; Android forensics; WhatsApp ... WhatsApp key/DB extractor (Version 2.2) 3) WhatsApp

- tnpscgroup4.files.wordpress.com · lotus tnpsc whatsapp group - group ii, iv & vao acs.radhakrishnan be - 9787910544 lotus academy tnpsc whatsapp group whatsapp number: 9787910544

Whatsapp Twitter

facebook acquired whatsapp

LOCATING PINS -STANDARD TYPE- LOCATING PINS -STANDARD …

whatsapp ppt

Facebook-Whatsapp Acquisition

WhatsApp & privacy

Whatsapp Chatbot - EasyChair

WhatsApp # 8800141518 Page 1 / 6 · WhatsApp # 8800141518 Page 2 / 6. WhatsApp # 8800141518 Page 3 / 6. WhatsApp # 8800141518 Page 4 / 6

WhatsApp Share extension User Manual - MageComp · WhatsApp Share extension User Manual Magento WhatsApp Share facilitates sharing and promoting product details through WhatsApp just

READING RELIGIOUS TEXTS. ASSUMPTIONS Religious texts are … Human artifacts Human artifacts Historical artifacts Historical artifacts Literary artifacts

In the cold, turbulent waters off the coast of South ... · of locating, documenting and preserving artifacts from the global slave trade, says Paul Gardullo, PhD Õ06, a historian

whatsapp (sajid)

WHATSAPP FORENSICS: LOCATING ARTIFCATS IN WEB AND …

For updates on WhatsApp, share your name & city on WhatsApp … · 2019-11-21 · For updates on WhatsApp, share your name & city on WhatsApp No. 88986 -30000 ... Relocation of wild

Best Whatsapp status and Images for whatsapp

Whatsapp persentation01

WhatsApp Forensic

WhatsApp Presentation

Whatsapp Technical

200716 MainBrochure Whatsapp

Whatsapp seminar

Marketing Using WhatsApp

Whatsapp seminar report

Locating Pins for Jigs & Fixtures - MISUMI USA · 2020-05-20 · Locating Pins/Bushings for Locating Pins Locating Pins/Bushings for Locating Pins There s more on the web: misumiusa.com

WhatsApp, The Anti-Marketing Growth Phenomenon | Facebook-acquired WhatsApp

Whatsapp ( history , fb allience and intresting facts about whatsapp)

For updates on WhatsApp, share your name & city on WhatsApp … · 2019. 11. 21. · For updates on WhatsApp, share your name & city on WhatsApp No. 88986 -30000 Website: Telegram

Facebook acquires whatsapp

¡¡Ponte Whatsapp!!

WhatsApp marketing

Forensics Analysis On Smart Phones Using Mobile Forensics ... · PDF fileforensics, network forensics ... analysed the forensics artifacts in smartphone whatsapp which ... is an advanced