Forensic Analysis of mobile phone IM artifacts

(@kasimh98)
New Member
Joined: 7 years ago
Posts: 2
Topic starter  

Hi, I'm undertaking the project "a forensic analysis of Android-based IM apps artifacts, and how they compare with their relevant computer artifacts", and I'm really stumped on what I should do. I have decided to use a Samsung Note, but am unaware of any IM apps to use; could anyone suggest any? I will use Cellebrite to analyse the mobile artifacts, but am really unsure how to analyse the artifacts on my laptop. Please, if anyone has done this project before, could you shed some light on it? Thanks

EDIT: Would it be worth doing a comparison between different IM apps' artifacts on Android instead? If so, does anyone know how to compare? Thanks


   
(@randomaccess)
Reputable Member
Joined: 14 years ago
Posts: 385
 

Without telling you exactly what to do, you can find IM applications fairly easily on Google play.

Create an account on the phone and another on the computer and have some conversations, then look at the artifacts left on both. Preferably without relying on tool support by the vendor; the better projects show what the tools will get you and compare that with the actual data to see if the tool is showing everything.

Alexis does a great job of writing up his research on a similar topic https://abrignoni.blogspot.com/

Otherwise, flick through my site (thisweekin4n6.com) and you should be able to get an idea of the other folks that share out their research.


   
(@kasimh98)
New Member
Joined: 7 years ago
Posts: 2
Topic starter  

> Without telling you exactly what to do, you can find IM applications fairly easily on Google play.
>
> Create an account on the phone and another on the computer and have some conversations, then look at the artifacts left on both. Preferably without relying on tool support by the vendor; the better projects show what the tools will get you and compare that with the actual data to see if the tool is showing everything.
>
> Alexis does a great job of writing up his research on a similar topic https://abrignoni.blogspot.com/
>
> Otherwise, flick through my site (thisweekin4n6.com) and you should be able to get an idea of the other folks that share out their research.

How would I view the artifacts without any tools?
Thanks


   
(@randomaccess)
Reputable Member
Joined: 14 years ago
Posts: 385
 

There's a couple of ways to go about this.

If you root the phone, you can load on TWRP and then use adb to pull files off, or take a physical image.
You can load the physical image into free tools, like FTK Imager, or Autopsy, and extract relevant files from the IM apps.

Alternatively, you can contact vendors and ask for trials to test with. It's a good idea to look up whether they support the phone or the apps that you are examining first.

Many IM apps will store data in SQLite or JSON, and configurations can be stored in a variety of formats (lots of XML on Android, but there are others).

There are many posts online for how to do all of these things, so you can probably piece together the research once you get an idea of all of the components.

Good luck!


   
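As an added example (not part of the original thread): a first-pass triage of an app data directory already pulled off the phone, identifying SQLite, JSON and XML files by content and listing each database's tables with row counts. The directory layout, file names and the `build_sample` helper are constructed stand-ins, not taken from any real IM app.

```python
import json, sqlite3, tempfile
from contextlib import closing
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite 3 file

def classify(path):
    """Identify a file by content; app data files often have no useful extension."""
    with open(path, "rb") as fh:
        head = fh.read(64).lstrip(b"\xef\xbb\xbf \t\r\n")  # skip BOM / whitespace
    if head.startswith(SQLITE_MAGIC):
        return "sqlite"
    if head.startswith(b"<"):          # heuristic for text XML such as shared_prefs
        return "xml"
    if head[:1] in (b"{", b"["):
        try:
            json.loads(path.read_bytes())
            return "json"
        except ValueError:             # looked like JSON but does not parse
            pass
    return "other"

def sqlite_tables(path):
    """Return {table: row_count}; mode=ro opens the database file read-only."""
    with closing(sqlite3.connect(path.resolve().as_uri() + "?mode=ro", uri=True)) as con:
        names = [r[0] for r in con.execute("SELECT name FROM sqlite_master WHERE type='table'")]
        return {n: con.execute(f'SELECT COUNT(*) FROM "{n}"').fetchone()[0] for n in names}

def triage(root):
    """Map every file under root to (kind, {table: rows} or None)."""
    files = sorted(p for p in Path(root).rglob("*") if p.is_file())
    kinds = {p: classify(p) for p in files}
    return {p.relative_to(root).as_posix(): (k, sqlite_tables(p) if k == "sqlite" else None)
            for p, k in kinds.items()}

def build_sample(root):
    """Constructed stand-in for a pulled app directory; all names are hypothetical."""
    root = Path(root)
    for d in ("databases", "shared_prefs", "files"):
        (root / d).mkdir()
    with closing(sqlite3.connect(root / "databases" / "messages.db")) as con:
        con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, sender TEXT, body TEXT)")
        con.executemany("INSERT INTO messages (sender, body) VALUES (?, ?)", [("alice", "hi"), ("bob", "hello")])
        con.commit()
    (root / "shared_prefs" / "settings.xml").write_text("<map><string name='user'>alice</string></map>")
    (root / "files" / "contacts").write_text(json.dumps([{"name": "bob"}]))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(json.dumps(triage(build_sample(tmp)), indent=2))
```

Run it against a working copy of the extracted files rather than the original evidence, and keep any `-wal` or `-journal` files next to their database so uncommitted records are not lost.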