A Forensic Analysis Visualization Tool for Mobile Instant Messaging Apps

  • Wee Sern Ong
  • Nurul Hidayah Ab Rahman
Abstract views: 316 , pdf downloads: 204
Keywords: Forensic analysis, Instant Messaging apps, Mobile forensics, Visualization


In this study, we demonstrate the role of visualization to facilitate forensic analysis goal in interpreting metadata of evidence of interest to answer who, what, why, when, where, and how an incident occurred. Two mobile Instant Messaging (IM) applications (i.e. WhatsApp and Line) were deployed as a case study.  Subsequently, a tool – W*W Visualizer – was designed and developed with the aims to analyze and visualize the connection of evidence metadata, text frequency and word count, and display report of analysis activities. The tool is developed by adopting Object-Oriented Software Development Model with Visual Studio platform and C# language were used to develop the system. Our findings show that W*W Visualizer could transform the data of the chat database into a visual form, for example graph, chart and word cloud. The tool also allows the user to perform search feature such as searching based on keyword and timestamp from the IM chat history. It is expected that outcomes from this study would significantly influence digital forensics practitioners in analyzing and interpreting evidence data, and judicial authorities in understanding the presentation of evidence. 


Download data is not yet available.


Statista, “Number of smartphone users worldwide from 2014 to 2020 (in billions),” 2018. .

S. Alhidaifi, “Mobile Forensics : Android Platforms and WhatsApp Extraction Tools,” Int. J. Comput. Appl., vol. 179, no. 47, pp. 25–29, 2018.

K. Curran, A. Robinson, S. Peacocke, and S. Cassidy, “Mobile Phone Forensic Analysis,” in Crime Prevention Technologies and Applications for Advancing Criminal Investigation, 2016, pp. 250–262.

R. V. Dharaskar, “Mobile Forensics : An Overview , Tools , Future trends and Challenges from Law Enforcement Perspective,” in 6th international conference on e-governance, iceg, emerging technologies in e-government, m-government, 2008, pp. 312–323.

S. Lowman and I. Ferguson, “Web History Visualisation for Forensic Investigations,” pp. 1–15, 2011.

J. James and K. A. Cook, “A Visual Analytics Agenda,” IEEE Comput. Graph. Appl., vol. 26, no. 1, pp. 10–13, 2006.

M. C. Hao and U. Dayal, “Intelligent Visual Analytics Queries,” in IEEE Symposium on Visual Analyics and Technology, 2007, pp. 1–8.

D. Keim et al., “Visual Analytics : Definition , Process and Challenges,” in Information Visualization - Human-Centered Issues and Perspectives, Springer, 2008, pp. 154–175.

S. K. Card, J. D. Mackinlay, and B. Scheiderman, Readings in Information Visualization: Using Vision to Think (Interactive Technologies), 1st Editio. 1999.

K. Kent, S. Chevaliar, T. Grance, and H. Dang, “Guide to integrating forensic techniques into incident response,” 2006. [Online]. Available: http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf. [Accessed: 30-Mar-2014].

F. H. Rashid, “Cyberbullying among top five online threats,” News Straits Times, 2017. [Online]. Available: https://www.nst.com.my/news/exclusive/2017/05/236873/cyberbullying-among-top-five-online-threats. [Accessed: 09-Jan-2019].

N. Claudia, “Man Arrested After Posting Picture Insulting Najib on WhatsApp Group,” World of Buzz, 2016. [Online]. Available: https://www.worldofbuzz.com/man-arrested-posting-picture-insulting-msia-pm-whatsapp-group/. [Accessed: 09-Jan-2019].

C. Tassone, B. Martini, and K.-K. R. Choo, “Forensic Visualization: Survey and Future Directions,” in Contemporary Digital Forensic Investigations of Cloud and Mobile Applications, Elsevier Inc., 2017, pp. 163–184.

N. D. W. Cahyani, B. Martini, and K.-K. R. Choo, “Do Multimedia Presentations Enhance Judiciary’s Technical Understanding of Digital Forensic Concepts? An Indonesian Case Study,” in Proceedings of Hawaii International Conference on System Sciences (HICSS 2016), 2016, pp. 5617–5626.

W. B. Wang, M. L. Huang, J. Zhang, and W. Lai, “Detecting criminal relationships through SOM visual analytics,” Proc. Int. Conf. Inf. Vis., vol. 2015-Septe, pp. 316–321, 2015.

S. Heuser, M. Negro, P. K. Pendyala, and A.-R. Sadeghi, “DroidAuditor: Forensic Analysis of Application-Layer Privilege Escalation Attacks on Android,” in Financial Cryptography and Data Security, 2016, pp. 260–268.

J. Koven, E. Bertini, L. Dubois, and N. Memon, “InVEST: Intelligent visual email search and triage,” Digit. Investig., vol. 18, pp. S138–S148, 2016.

J. Stadlinger, A. Dewald, J. Stadlinger, and A. Dewald, “A Forensic Email Analysis Tool Using Dynamic Visualization,” vol. 12, no. 1, 2017.

I. Kotenko, M. Kolomeets, A. Chechulin, and Y. Chevalier, “A visual analytics approach for the cyber forensics based on different views of the network traffic,” vol. 2, no. June, pp. 57–73, 2018.

V. Wijk, “Eventpad : Rapid Malware Analysis and Reverse Engineering using Visual Analytics Eventpad : Rapid Malware Analysis and Reverse Engineering using Visual Analytics,” 2018.

J. Koven, C. Felix, H. Siadati, M. Jakobsson, and E. Bertini, “Lessons Learned Developing a Visual Analytics Solution for Investigative Analysis of Scamming Activities,” IEEE Trans. Vis. Comput. Graph., vol. 25, no. 1, pp. 225–234, 2018.

J. A. Lapso, “Whitelisting System State in Windows Forensic Memory Visualizations,” Air Force Institute of Technology, 2016.

Y. Singh and R. Malhotra, Object-Oriented Software Programming. PHI Learning Pvt. Ltd., 2012.

G. Grispos, W. B. Glisson, and T. Storer, “Using smartphones as a proxy for forensic evidence contained in cloud storage services,” in Proceedings of the 46th Annual Hawaii International Conference on System Sciences, 2013, pp. 4910–4919.

N. D. W. Cahyani, N. H. Ab Rahman, W. B. Glisson, and K.-K. R. Choo, “The role of mobile forensics in terrorism investigations involving the use of cloud storage service and communication apps,” Mob. Networks Appl., 2016.

N. Diakopoulos, M. Naaman, and F. Kivran-swaine, “Diamonds in the Rough : Social Media Visual Analytics for Journalistic Inquiry,” in IEEE Symposium on Visual Analyics and Technology, 2009, pp. 115–122.

A. Ariffin, C. D’orazio, K.-K. R. Choo, and J. Slay, “iOS forensics: How can we recover deleted image files with timestamp in a forensically sound manner?,” in Proceedings of the 8th International Conference on Availability, Reliability and Security, 2013, pp. 375–382.

N. H. Ab Rahman and K.-K. R. Choo, “A Survey of Information Security Incident Handling in the Cloud,” Comput. Secur., vol. 49, pp. 45–69, 2015.

C. Anglano, “Forensic Analysis of WhatsApp messenger on Android smartphones,” Digit. Investig., vol. 11, pp. 1–13, 2014.

S. Teerlink and R. F. Erbacher, “Foundations for Visual Forensic Analysis,” in Proceedings of the 7th IEEE Workshop on Information Assurance, 2006, no. June, pp. 21–23.

C. Anglano, M. Canonico, and M. Guazzone, “Forensic analysis of the ChatSecure instant messaging application on android smartphones,” Digit. Investig., vol. 19, pp. 44–59, 2016.

How to Cite
Ong, W. S., & Ab Rahman, N. H. (2020). A Forensic Analysis Visualization Tool for Mobile Instant Messaging Apps . International Journal on Information and Communication Technology (IJoICT), 6(2), 78-87. https://doi.org/10.21108/IJOICT.2020.62.530
Security & Cryptography