Forensics Analysis of Android Mobile VoIP Apps

TL;DR

This study investigates the forensic artifacts left by popular Android VoIP apps like Viber, Skype, and WhatsApp, revealing recoverable user data such as messages, contacts, and media files to aid digital investigations.

Contribution

It provides a detailed forensic analysis of three major Android VoIP apps, identifying the types of user data that can be recovered for investigative purposes.

Findings

Recoverable messages, contacts, and media files from devices.

Significant forensic artifacts are present in popular mVoIP apps.

Enhanced understanding of privacy implications for users.

Abstract

Voice over Internet Protocol (VoIP) applications (apps) provide convenient and low cost means for users to communicate and share information with each other in real-time. Day by day, the popularity of such apps is increasing, and people produce and share a huge amount of data, including their personal and sensitive information. This might lead to several privacy issues, such as revealing user contacts, private messages or personal photos. Therefore, having an up-to-date forensic understanding of these apps is necessary. This chapter presents analysis of forensically valuable remnants of three popular Mobile VoIP (mVoIP) apps on Google Play store, namely: Viber, Skype, and WhatsApp Messenger, in order to figure out to what extent these apps reveal forensically valuable information about the users activities. We performed a thorough investigative study of these three mVoIP apps on smartphone devices. Our experimental results show that several artefacts, such as messages, contact details, phone numbers, images, and video files, are recoverable from the smartphone device that is equipped with these mVoIP apps.