Browser Forensic Investigations of WhatsApp Web Utilizing IndexedDB Persistent Storage
Digital Evidence is becoming an indispensable factor in most legal cases. However, technological advancements that lead to artifact complexity, are forcing investigators to create sophisticated connections between the findings and the suspects for admissibility of evidence in court. This paper scrut...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2020-10-01
|
| Series: | Future Internet |
| Subjects: | |
| Online Access: | https://www.mdpi.com/1999-5903/12/11/184 |
| _version_ | 1797549616745414656 |
|---|---|
| author | Furkan Paligu Cihan Varol |
| author_facet | Furkan Paligu Cihan Varol |
| author_sort | Furkan Paligu |
| collection | DOAJ |
| description | Digital Evidence is becoming an indispensable factor in most legal cases. However, technological advancements that lead to artifact complexity, are forcing investigators to create sophisticated connections between the findings and the suspects for admissibility of evidence in court. This paper scrutinizes whether IndexedDB, an emerging browser technology, can be a source of digital evidence to provide additional and correlating support for traditional investigation methods. It particularly focuses on the artifacts of the worldwide popular application, WhatsApp. A single case pretest–posttest quasi experiment is applied with WhatsApp Messenger and Web Application to populate and investigate artifacts in IndexedDB storage of Google Chrome. The findings are characterized and presented with their potential to be utilized in forensic investigation verifications. The storage locations of the artifacts are laid out and operations of extraction, conversion and presentation are systematized. Additionally, a proof of concept tool is developed for demonstration. The results show that WhatsApp Web IndexedDB storage can be employed for time frame analysis, demonstrating its value in evidence verification. |
| first_indexed | 2024-03-10T15:17:09Z |
| format | Article |
| id | doaj.art-b55a2a823c5f4166b3c4a2d1a8617bed |
| institution | Directory Open Access Journal |
| issn | 1999-5903 |
| language | English |
| last_indexed | 2024-03-10T15:17:09Z |
| publishDate | 2020-10-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Future Internet |
| spelling | doaj.art-b55a2a823c5f4166b3c4a2d1a8617bed2023-11-20T18:49:38ZengMDPI AGFuture Internet1999-59032020-10-01121118410.3390/fi12110184Browser Forensic Investigations of WhatsApp Web Utilizing IndexedDB Persistent StorageFurkan Paligu0Cihan Varol1Computer Science Department, Sam Houston State University, Huntsville, TX 77340, USAComputer Science Department, Sam Houston State University, Huntsville, TX 77340, USADigital Evidence is becoming an indispensable factor in most legal cases. However, technological advancements that lead to artifact complexity, are forcing investigators to create sophisticated connections between the findings and the suspects for admissibility of evidence in court. This paper scrutinizes whether IndexedDB, an emerging browser technology, can be a source of digital evidence to provide additional and correlating support for traditional investigation methods. It particularly focuses on the artifacts of the worldwide popular application, WhatsApp. A single case pretest–posttest quasi experiment is applied with WhatsApp Messenger and Web Application to populate and investigate artifacts in IndexedDB storage of Google Chrome. The findings are characterized and presented with their potential to be utilized in forensic investigation verifications. The storage locations of the artifacts are laid out and operations of extraction, conversion and presentation are systematized. Additionally, a proof of concept tool is developed for demonstration. The results show that WhatsApp Web IndexedDB storage can be employed for time frame analysis, demonstrating its value in evidence verification.https://www.mdpi.com/1999-5903/12/11/184digital forensicspersistent storageweb browser forensics |
| spellingShingle | Furkan Paligu Cihan Varol Browser Forensic Investigations of WhatsApp Web Utilizing IndexedDB Persistent Storage Future Internet digital forensics persistent storage web browser forensics |
| title | Browser Forensic Investigations of WhatsApp Web Utilizing IndexedDB Persistent Storage |
| title_full | Browser Forensic Investigations of WhatsApp Web Utilizing IndexedDB Persistent Storage |
| title_fullStr | Browser Forensic Investigations of WhatsApp Web Utilizing IndexedDB Persistent Storage |
| title_full_unstemmed | Browser Forensic Investigations of WhatsApp Web Utilizing IndexedDB Persistent Storage |
| title_short | Browser Forensic Investigations of WhatsApp Web Utilizing IndexedDB Persistent Storage |
| title_sort | browser forensic investigations of whatsapp web utilizing indexeddb persistent storage |
| topic | digital forensics persistent storage web browser forensics |
| url | https://www.mdpi.com/1999-5903/12/11/184 |
| work_keys_str_mv | AT furkanpaligu browserforensicinvestigationsofwhatsappwebutilizingindexeddbpersistentstorage AT cihanvarol browserforensicinvestigationsofwhatsappwebutilizingindexeddbpersistentstorage |