Forensic Analysis of chatting messenger service in KakaoTalk and Comparison Study of KakaoTalk and WhatsApp Artifacts

A Forensic Analysis Study of KakaoTalk Chat Messages and a Comparative Analysis with WhatsApp Artifacts

  • Yoon, JongCheol (Graduate School of Information Security, Sejong Cyber University)
  • Park, Yongsuk (Graduate School of Information Security, Sejong Cyber University)
  • Received : 2016.02.01
  • Accepted : 2016.03.20
  • Published : 2016.04.30

Abstract

Instant messenger (IM) chat services can carry a wide range of information about a user, including lifestyle, geographical position, psychology, and crime history, so forensic analysis of IM services is desirable. However, forensic analysis of KakaoTalk's chat service has not yet been well studied. For this reason, we study the forensic analysis of KakaoTalk with a focus on its chat service. This paper first details a general method for IM forensics by surveying the previous articles on the subject, although there are not many. Second, we discuss methodologies for IM forensics, presenting an analysis of the table structure and a method for reconstructing chat messages. These results form the basic elements of a forensic tool for KakaoTalk chat messages. Last, we compare the artifacts of KakaoTalk with those of WhatsApp. We conclude that the two applications differ at least in that their table structures and the ways to reconstruct chat messages are not the same, and therefore the digital evidence, or artifacts, they leave is also distinct.

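Chat messages in IM (Instant Messenger) services contain traces of a user's life patterns, geographical location, psychological state, and criminal acts, and therefore require forensic analysis. However, forensic analysis of KakaoTalk is lacking when it comes to the detailed messages that were exchanged. This paper therefore first organizes and analyzes the general methodology for analyzing IM chat messages, then analyzes the table structure of KakaoTalk's detailed chat messages, reconstructs the messages, and recovers the chat messages. The information obtained from this analysis can serve as the basic platform of a forensic tool. In addition, we compare the analyzed KakaoTalk with WhatsApp and discuss how the traces they leave differ even though they are similar IM apps.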

Cited by

  1. Research Trends in Domestic Digital Forensics through a Meta-Study vol.24, pp.3, 2016, https://doi.org/10.22693/niaip.2017.24.3.091