Browse > Article
http://dx.doi.org/10.6109/jkiice.2016.20.4.777

Forensic Analysis of chatting messenger service in KakaoTalk and Comparison Study of KakaoTalk and WhatsApp Artifacts  

Yoon, JongCheol (Graduate School of Information Security, Sejong Cyber University)
Park, Yongsuk (Graduate School of Information Security, Sejong Cyber University)
Publication Information
Journal of the Korea Institute of Information and Communication Engineering / v.20, no.4, 2016 , pp. 777-785 More about this Journal
Abstract
IM(Instant Messenger) chatting service can carry user's various information including life style, geographical position, and psychology & crime history and thus forensic analysis on the IM service is desirable. But, forensic analysis for KakaoTalk's chatting service is not well studied yet. For this reason, we study KakaoTalk's forensic analysis focusing on chatting service. This paper first details a general method of IM forensics investigating the previous articles about IM forensics although there are not many articles. Second, we discuss methodologies for IM forensics wherein we present analysis of table structure and method for reconstruction of chatting message. These result in the basic element of forensic tools of KakaoTalk chatting message. Last, we compare artifacts of KakaoTalk with that of WhatsApp. We conclude that these applications are, at least, different in that table structures and the ways to reconstruct chatting messages are not same and therefore digital evidences or artifacts are not same and somewhat distinct.
Keywords
Android Forensic; IM(Instant Messenger); KakaoTalk; WhatsApp; SNS(Social Network Service);
Citations & Related Records
Times Cited By KSCI : 5  (Citation Analysis)
연도 인용수 순위
1 Google. Consumer Barometer with Google [Internet]. Available: https://www.consumerbarometer.com/.
2 Andrew Hoog, "Android Application and Forensic Analysis," in Android Forensics: Investigation, Analysis and Mobile Security for Google Android, 1st ed. Waltham, MA: Syngress Pub., ch. 7, pp. 285-363, 2011.
3 Jeff Lessard, Gary C. Kessler, "Android Forensics: Simplifying Cell Phone Examinations," Small Scale Digital Device Forensics Journal, vol. 4, no. 1, pp. 1-12, Sept. 2010.
4 Federal Court of Australia. Ashby v Commonwealth of Australia (No 4) [2012] FCA 1411 [Internet]. Available: http://www.austlii.edu.au/cgi-bin/sinodisp/au/cases/cth/FCA/2012/1411.htm.
5 SAFLII. S v Oscar Pistorius (CC113/2013) [2014] ZAGPPHC 793 (12 September 2014) [Internet]. Available: http://www.saflii.org/za/cases/ZAGPPHC/2014/793.html.
6 Yu Jong Jang, Jin Kwak, "Mobile Digital Forensic Procedure for Crime Investigation in Social Network Service," The Journal of Korea Navigation Institute, vol. 17, no. 3, pp. 325-331, Jun. 2013.
7 TTA. Instant Messaging [Internet]. Available: http://word.tta.or.kr/main.do.
8 Wikimedia Foundation, Inc. Instant Messaging [Internet]. Available: https://en.wikipedia.org/wiki/Instant_messaging.
9 J. M. Lee, "The Effect of Personal Communication Activities using Smart Phone Instant Messenger on Job Performance," Journal of Korean Socieity for Internet Information, vol. 13, no. 6, pp. 17-24, Oct. 2012.
10 H. S. Jung, "The evolution of Korean social network service focusing on the case of Kakao talk," The Journal of Digital Policy and Management, vol. 10, no. 10, pp. 147-154, Nov. 2012.
11 Svein Yngvar Willassen, "Forensics and the GSM mobile telephone system," International Journal of Digital Evidence, vol. 2, no. 1, pp. 1-17, Spring. 2003.
12 Mark Taylor, et al., "Digital evidence from mobile telephone applications," Computer Law & Security Review, vol. 28, no. 3, pp. 335-339, Jun. 2012.   DOI
13 Noora Al Mutawa, et al., "Forensic artifacts of Facebook's instant messaging service," in Conference of the 6th International Conference on Internet Technology and Secured Transactions, Abu Dhabi, pp. 771-776, 2011.
14 KIPO(Korean Intellectual Property Office), Digital forensics technology, patents increase. [Internet]. Available: http://www.kipo.go.kr.
15 M. Dickson, "An examination into AOL Instant Messenger 5.5 contact identification," Digital Investigation, vol.3, no. 4, pp. 227-237, Dec. 2006.   DOI
16 J. Reust, "Case study: AOL instant messenger trace evidence," Digital Investigation, vol. 3, no. 4, pp. 238-243, Oct. 2006.   DOI
17 M. Dickson, "An examination into MSN Messenger 7.5 contact identification," Digital Investigation, vol. 3, no. 2, pp. 79-83, Apr. 2006.   DOI
18 H. Carvey, "Instant messaging investigations on a live Windows XP system," Digital Investigation, vol. 1, no.4, pp. 256-260, Dec. 2004.   DOI
19 Matthew Kiley, et al., "Forensic analysis of volatile instant messaging," in Conference of The Fourth Annual IFIP WG 11.9 Conference on Digital Forensics, Kyoto, pp. 129-138, 2008.
20 Anglano, Cosimo, "Forensic analysis of WhatsApp Messenger on Android smartphones," Digital Investigation, vol. 11, no. 3, pp. 201-213, Sept. 2014.   DOI
21 Neha S. Thakur, "Forensic analysis of WhatsApp on Android smartphones," M.S. Thesis, University of New Orleans Theses and Dissertations, 2013.
22 Shubham Sahu, "An Analysis of WhatsApp Forensics in Android Smartphones," International Journal of Engineering Research, vol. 3, no. 5, pp. 349-350, May 2014.   DOI
23 Jongcheol Yoon, "Forensic Analysis of KakaoTalk Messenger on Android and Comparison Study of KakaoTalk and WhatsApp Artifacts," M.S. Thesis, SeJong Cyber University, 2016.
24 Aditya Mahajan, et al., "Forensic analysis of instant messenger applications on android devices," International Journal of Computer Applications, vol. 68, no.8, Apr. 2013.
25 Daniel Walnycky, et al., "Network and device forensic analysis of Android social-messaging applications," Digital Investigation, vol. 14, pp. S77-S84, Aug. 2015.   DOI
26 Jongcheol Yoon, Yongsuk Park, "Forensic Analysis of KakaoTalk Messenger on Android Study of KakaoTalk," Journal of the Korea Institute of Information and Communication Engineering, vol. 20, no. 1, pp. 72-80, Jan. 2016.   DOI
27 Sei-Youen OH, "The application of digital forensic investigation for response of cyber-crimes," Journal of Digital Convergence, vol. 13, no. 4, pp. 81-87, Apr. 2015.   DOI