Browse > Article
http://dx.doi.org/10.13089/JKIISC.2020.30.3.397

Study on MalangMalang Talkafe Database Encryption Process and Recovering Its Deleted Messages on Windows  

Youn, Byungchul (Kookmin University)
Kim, Soram (Kookmin University)
Kim, Jongsung (Kookmin University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.30, no.3, 2020 , pp. 397-403 More about this Journal
Abstract
With the convenience of real-time conversation, multimedia file and contact sharing services, most people use instant messenger, and its usage time is increasing. Because the messengers contain a lot of user behavior information data, in the digital forensic investigation, they can be very useful evidence to identify user behavior. However, some of useful data can be difficult to acquire or recognize because they are encrypted or deleted. Thus, in order to use the messenger data as evidence, the study of message decryption process and message recovery is essential. In this paper, we analyze the database encryption process of the instant messenger, MalangMalang Talkafe, and propose the method to decrypt it. In addition, we propose the methods to identify the deleted messages and recover from the volatile memory area.
Keywords
Digital Forensic; Messenger; Decryption; Reverse Engineering; Memory Forensic;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 THAKUR, N.S.," Forensic analysis of WhatsApp on Android smartphones," Master's Thesis, University Of New Orleans, 2013.
2 J. Choi, J. Park, and H. Kim, "Forensic analysis of the backup database file in KakaoTalk messenger," 2017 IEEE International Conference on Big Data and Smart Computing, pp. 156-161, Feb. 2017
3 J, Choi, J. Yu, and H, Kim, "Digital forensic analysis of encrypted database files in instant messaging applications on Windows operating systems: Case study with KakaoTalk, NateOn and QQ messenger," Digital Investigation, vol. 28, pp. S50-S59, Apr. 2019   DOI
4 A. Mahajan, MS. Dahiya, and HP. Sanghvi,"Forensic analysis of instant messenger applications on android devices," arXiv preprint arXiv:1304.4915, 2013.
5 G. Kim, J. Lee, and S. Shin, "Study on The Decryption Method and Analysis of MalangMalang Talkcafe Application Datbase," Jonornal of The Korea Institute of information Security & Cryptology, 29(3), pp. 541-633, Jun. 2019
6 G, Feng and Z. Ying," Analysis of WeChat on iPhone," 2nd international symposium on computer, communication, control and automation, Atlantis Press, 2013
7 S. Wu, Y. Zhang, and X. Wang, "Forensic analysis of WeChat on Android smartphones," Digital investigation, vol. 21, pp. 3-10, June. 2017   DOI