Mobile forensics : analysis of the messaging application Signal.

Abstract

This study reviewed if there are ways to recover messages, image, videos, and call logs within the mobile application Signal, developed by Open Whisper Systems. The purpose of this study was to research the data recovery as fact or fiction, while providing which tools and extraction methods produced more accurate results. Further research was needed to explore data recovered from an Android mobile device compared to an iOS mobile device. The forensic tools used to conduct this research included UFED 4PC (Universal Forensic Extraction Device), version 6.3.1.477 with an internal build version 4.7.1.477 and UFED Physical Analyzer version 6.3.11.36, developed by Cellebrite. The study also compared the results using Cellebrite to three different open source tools, iPhone Analyzer, iExplorer, and Autopsy. The meaning of open source can be a tool or program that is designed for specific tasks, yet the source code is openly published to the public. These tools or programs are free of charge unless the user opts to pay for the expanded versions. Overall, the results were dependent on the make and model of the mobile devices. Out of four different types of mobile devices, only one device produced viable results when it came to the Signal Application. The physical extraction from UFED 4PC and Physical Analyzer on the Android ZTE Z993 device was able to recover an abundant amount of data. The other three devices produced minimal results only showing the installation of the application, but no real message data using the UFED 4PC version 6.3.1.477 and UFED Physical Analyzer version 6.3.11.36 software. The three open source software, iPhone Analyzer, iExplorer, and Autopsy also produced minimal results with the exception of the Android ZTE Z993 device. Autopsy free version was able to parse the data missed by the Cellebrite commercial tools and recover some of the missing images within messages sent inside of the Signal Application