WhatsApp数据在流行移动平台上的取证收购

2015 Sixth International Conference on Emerging Security Technologies (EST) Pub Date : 2015-09-03 DOI:10.1109/EST.2015.16

Adam Shortall, M. Azhar

{"title":"WhatsApp数据在流行移动平台上的取证收购","authors":"Adam Shortall, M. Azhar","doi":"10.1109/EST.2015.16","DOIUrl":null,"url":null,"abstract":"Encryption techniques used by popular messaging services such as Skype, Viber and WhatsApp make traces of illegal activities by criminal groups almost undetectable. This paper reports challenges involved to examine data of the WhatsApp application on popular mobile platforms (iOS, Android and Windows Phone) using latest forensic software such as EnCase, UFED and Oxygen Forensic Suite. The operating systems used were Windows phone 8.1, Android 5.0.1 (Lollipop) and iOS 8.3. Results show that due to strong security features built into the Windows 8.1 system forensic examiners may not be able to access data with standard forensic suite and they must decide whether to perform a live forensic acquisition. This paper provides forensics examiners with practical techniques for recovering evidences of WhatsApp data from Windows 8.1 mobile operating systems that would otherwise be inaccessible.","PeriodicalId":402244,"journal":{"name":"2015 Sixth International Conference on Emerging Security Technologies (EST)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"25","resultStr":"{\"title\":\"Forensic Acquisitions of WhatsApp Data on Popular Mobile Platforms\",\"authors\":\"Adam Shortall, M. Azhar\",\"doi\":\"10.1109/EST.2015.16\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Encryption techniques used by popular messaging services such as Skype, Viber and WhatsApp make traces of illegal activities by criminal groups almost undetectable. This paper reports challenges involved to examine data of the WhatsApp application on popular mobile platforms (iOS, Android and Windows Phone) using latest forensic software such as EnCase, UFED and Oxygen Forensic Suite. The operating systems used were Windows phone 8.1, Android 5.0.1 (Lollipop) and iOS 8.3. Results show that due to strong security features built into the Windows 8.1 system forensic examiners may not be able to access data with standard forensic suite and they must decide whether to perform a live forensic acquisition. This paper provides forensics examiners with practical techniques for recovering evidences of WhatsApp data from Windows 8.1 mobile operating systems that would otherwise be inaccessible.\",\"PeriodicalId\":402244,\"journal\":{\"name\":\"2015 Sixth International Conference on Emerging Security Technologies (EST)\",\"volume\":\"24 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-09-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"25\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 Sixth International Conference on Emerging Security Technologies (EST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/EST.2015.16\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 Sixth International Conference on Emerging Security Technologies (EST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EST.2015.16","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 25

摘要

Skype、Viber和WhatsApp等流行通讯服务使用的加密技术，使得犯罪集团非法活动的痕迹几乎无法察觉。本文报告了使用最新的取证软件(如EnCase, UFED和Oxygen forensic Suite)检查流行移动平台(iOS, Android和Windows Phone)上WhatsApp应用程序数据所涉及的挑战。使用的操作系统是Windows phone 8.1、Android 5.0.1 (Lollipop)和iOS 8.3。结果表明，由于Windows 8.1系统内置的强大安全功能，取证检查人员可能无法使用标准取证套件访问数据，他们必须决定是否执行实时取证采集。本文为取证审查员提供了从Windows 8.1移动操作系统中恢复WhatsApp数据证据的实用技术，否则这些数据将无法访问。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Forensic Acquisitions of WhatsApp Data on Popular Mobile Platforms

Encryption techniques used by popular messaging services such as Skype, Viber and WhatsApp make traces of illegal activities by criminal groups almost undetectable. This paper reports challenges involved to examine data of the WhatsApp application on popular mobile platforms (iOS, Android and Windows Phone) using latest forensic software such as EnCase, UFED and Oxygen Forensic Suite. The operating systems used were Windows phone 8.1, Android 5.0.1 (Lollipop) and iOS 8.3. Results show that due to strong security features built into the Windows 8.1 system forensic examiners may not be able to access data with standard forensic suite and they must decide whether to perform a live forensic acquisition. This paper provides forensics examiners with practical techniques for recovering evidences of WhatsApp data from Windows 8.1 mobile operating systems that would otherwise be inaccessible.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2015 Sixth International Conference on Emerging Security Technologies (EST)

自引率

0.00%

发文量