Forensic Web Analysis on The Latest Version of Whatsapp Browser

Abstract

With the rapid growth of technology and the increasing number of smartphone users, social media applications have proliferated. Among them, WhatsApp has emerged as the most widely used application, with over a quarter of the world's population using it since 2009. To meet the increasing customer demands, WhatsApp has introduced a browser version, which has undergone continuous updates and improvements. The latest version of WhatsApp exhibits significant differences in features and settings compared to its predecessors, particularly in conversations, images, video recordings, and other aspects. Consequently, this research focuses on analyzing artifacts that can aid in forensic investigations. The study aims to extract artifacts related to conversation sessions, as well as media data such as audio files, contact numbers, photos, videos, and more. To achieve these objectives, various forensic tools will be employed to assist in the artifact search within the WhatsApp browser. The research adopts the NIST framework and utilizes forensic techniques like Autopsy and FTK Imager to read encrypted backup database files. These files contain valuable information such as deleted conversations, phone logs, photos, videos, and other data of interest. Analyzing the artifacts from the WhatsApp browser version contributes to forensic activities, providing valuable insights into the evidence that can be obtained from conversations and media files. By leveraging forensic tools and techniques, forensic practitioners can effectively retrieve and analyze data from the encrypted backup database files. In summary, this research explores the artifacts within the WhatsApp browser version, sheds light on its distinct features, and presents a forensic approach utilizing the NIST framework and forensic tools like Autopsy and FTK Imager to examine encrypted backup database files containing crucial deleted data, conversations, and media files.