hh.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Forensiska Artefakter hos Mobila Applikationer: Utvinning och Analys av Applikationen Snapchat
Halmstad University, School of Information Technology.
Halmstad University, School of Information Technology.
2019 (Swedish)Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesis
Abstract [en]

Today's smartphones and tablets use different applications and software for all sorts of purposes: communication, entertainment, fitness, to share images with each other, to keep up to date with the news and lots of different daily tasks. With the heavy usage of all these apps, it is no wonder that it comes with a few issues. Private data is stored in large quantities both on the local device and on the app-creators' servers. It is no wonder that applications advertising user secrecy and transient storage of user data. One of these applications is Snapchat, with over 500 million downloads on Google Play store, at the time of writing. Snapchat is a communication application with the niched feature that the images and messages sent, disappear once opened or after 24 hours have passed. With the illusion of privacy behind Snapchats niche it has become a breeding ground for criminal activity. The niche itself translates to a troublesome hurdle for law enforcement trying to retrieve evidence from devices of Snapchat users. This paper is aimed to investigate these issues and perform a methodology to retrieve potential evidence on a device using Snapchat to send images and messages. By performing a physical acquisition on a test device and analyzing to find artifacts pertaining to Snapchat and the test-data that was created. The method is performed on a Samsung Galaxy S4 with Android 5.0.1 running Snapchat version 10.52.3.0. Test data such as different images and messages were created and attempted to be retrieved at three points in time. First one being right after data creation. Second one after a restart and 24 hours after the data was created. And the third with 48 hours passed and the Snapchat user logged out at the time of acquisition. The acquisition resulted in the extraction of several sent images and a full text conversation between the experimental device and another party. A full video which was uploaded by the receiving user was able to be extracted even though the experimental device never actually viewed the video. The second acquisition which was made when 24h had passed gave the same results as the first one. This meant that time at least up to a day after the initial creation of the data did not have any effect on the evidence. However, when the Snapchat user was logged out from the application, the data was then unobtainable and had disappeared. Presumably Snapchat has a function which deletes personal data about the user when logged out from the application. This function might become a hurdle in law enforcement investigations where the application Snapchat is involved.

Place, publisher, year, edition, pages
2019. , p. 34
Keywords [en]
Forensics, Mobile forensics, DFIR, Snapchat, Magnet Axiom, Extraction, Snapchat analysis, Forensic investigation, Snapchat artifacts, forensic artifacts, digital forensics
Keywords [sv]
Forensik, Digitalforensik, Mobilforensik, Snapchat, Artefakter, Magnet Axiom, Utvinning, Samsung Galaxy S4, Applikationer, Mobilutvinning
National Category
Other Engineering and Technologies not elsewhere specified Computer and Information Sciences
Identifiers
URN: urn:nbn:se:hh:diva-40207OAI: oai:DiVA.org:hh-40207DiVA, id: diva2:1336867
Subject / course
Digital Forensics
Educational program
IT Forensics and Information Security, 180 credits
Supervisors
Examiners
Available from: 2019-07-15 Created: 2019-07-10 Last updated: 2019-07-15Bibliographically approved

Open Access in DiVA

fulltext(1207 kB)13 downloads
File information
File name FULLTEXT01.pdfFile size 1207 kBChecksum SHA-512
e523304350d74b16c52a29f0349fcae5d81bf6803055f8d9b4f2bf59d0f47269cb031df8d12effc30c8a5203a7969863481cdd4d3e6ecf8c5dcefe001030cc15
Type fulltextMimetype application/pdf

By organisation
School of Information Technology
Other Engineering and Technologies not elsewhere specifiedComputer and Information Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 13 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 55 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf