Added: Jonahtan Lail - Date: 24.07.2021 15:19 - Views: 48623 - Clicks: 1621
Thank you for using our services. We are a non-profit group that run this service to share documents.
We need your help to maintenance and improve this website. Please help us to share our service with your friends. Share Embed Donate.
Report this link. Smartphones have taken over the world, and mobile users spend the majority of their on-device time ing, browsing the web, using social media, and chatting with others using various applications. The sheer of mobile apps is overwhelming, and it seems like new ones emerge and explode in popularity all the time. Furthermore, each application on each device stores data in a different way.
Mobile chat apps are amongst the most popular types of third-party applications used on mobile devices today. They are used by billions of people worldwide, and are quickly surpassing traditional SMS in terms of message volume and usage. This whitepaper will detail how to recover evidence from popular third-party mobile chat apps, including Kik Messenger, WhatsApp and BBM.
Kik allows users to send messages and files to contacts using iOS, Android, and Windows Phone devices. More and more digital forensics examiners are seeing the need to investigate Kik Messenger as a vital source of evidence, and the ability to recover data from this app is becoming critical to their investigations. For both iOS and Android, most Kik artifacts relevant to forensic investigations are stored within SQLite databases— similar to other mobile chat applications. The database for both Android kik user database iOS contains a user name and display name for each contact. The user name is a unique identifier for every Kik user.
In our testing, we have found multiple string values in the JID and while many of them are common across users, we kik user database determine their meaning. They are likely used to categorize users internally within the Kik servers.
Kik Contacts Table The Kik contacts tables can also contain profile picture links and timestamps, as well as group and block lists depending on which application is used. Kik Messages Table While both applications have similar features, the artifacts recovered from each operating system will differ slightly as a result of their respective SQLite database structures. Photos—sent from either the camera or gallery—are stored on the mobile device as a JPG with no file extension.
It is also worth noting that an attachment can include a message; however, the messages and attachments are sent separately in the Kik database. The attachments are represented in the message table as a null message but will link to a GUID in the attachments table. Like Kik Messenger, WhatsApp is cross-platform instant messenger service that has over million users.
It was purchased by Facebook in February and continues to grow in popularity.
Much like other mobile chat applications, WhatsApp contacts, messages, and attachments can be valuable to examiners looking to recover evidence for a variety of different investigation types. The msgstore. This attachment is stored directly in the msgstore.
Additionally, the table may contain latitude and longitude coordinates for messages being sent, allowing the investigator to map out the geolocation details of a user. For that we must look at the wa. The wa.
In order to gain access the msgstore. Otherwise, WhatsApp also stores a copy of the msgstore. WhatsApp uses several different types of encryption on this database depending on the version of WhatsApp being used.
Recovering WhatsApp contacts, messages, and attachments on Android is relatively straightforward once you have access to the appropriate databases.
The process is similar in iOS, but with some minor differences. Many of the same artifacts mentioned for Android are found in these locations; however, the table names and structure may be different. In addition to the ChatStorage. This data is unencrypted on the device and can be viewed with any SQLite viewer. There are quite a few tables of interest that store the data mentioned above. The Contacts, Profile and Users tables store contact and user details including profile pictures and registration details.
There are some additional tables found in the master. The screenshot below is an example of the detailed kik user database available in the TextMessages table for a BBM conversation between two parties. Included in this information is message content, timestamps for sent and received messages, status, state whether the message has been delivered, read, etc.
Users can interact with that channel by posting and responding to comments and questions. Specifically, investigators should examine TableChannels, ChannelPosts, and ChannelComments for artifacts that may be relevant to their case.
Once IEF is finished searching for evidence, all recovered artifacts are compiled in a case file, where they can be viewed and analyzed by a digital forensic investigator in IEF Report Viewer. It will parse the SQLite database to identify details such as sender, receiver, message, attachment, timestamps, as well as several other values found in the database. Shows whether the message was sent or received by the user Unique identifier for the other Kik user in conversation Shows the message status Contents of the message this message was an attachment so there is no body 5.
Timestamp details 6. Learn how IEF can help you find more evidence on mobile devises by ing a live online product demonstration, or give IEF a try for free for 30 days. All rights reserved. All other marks and brands may be claimed as the property of their respective owners. Please fill this form, we will try to respond as soon as possible. Your name. Close Submit. Please copy and paste this embed script to where you want to embed Embed Script.
Size px x x x x We need your help!Kik user database
email: [email protected] - phone:(522) 691-9186 x 6434
Kik usernames, Kik friends - Usernames list