Identifying interception possibilities for WhatsApp communication

TL;DR

This paper presents a forensic method enabling law enforcement to gain real-time insights into WhatsApp communications by combining wiretapping, decryption, open source intelligence, and Web analysis, addressing a critical investigative gap.

Contribution

It introduces a novel forensic approach that allows real-time monitoring and analysis of WhatsApp communications, overcoming limitations of existing post-mortem and metadata-only methods.

Findings

The approach is feasible and effective in various scenarios.

It provides real-time insights into encrypted WhatsApp communications.

The method enhances law enforcement capabilities for digital investigations.

Abstract

On a daily basis, law enforcement officers struggle with suspects using mobile communication applications for criminal activities. These mobile applications replaced SMS-messaging and evolved the last few years from plain-text data transmission and storage to an encrypted version. Regardless of the benefits for all law abiding citizens, this is considered to be the downside for criminal investigations. Normal smartphone, computer or network investigations do no longer provide the contents of the communication in real-time when suspects are using apps like WhatsApp, Signal or Telegram. Among them, WhatsApp is one of the most common smartphone applications for communication, both criminal as well as legal activities. Early 2016 WhatsApp introduced end-to-end encryption for all users, immediately keeping law enforcement officers around the world in the dark. Existing research to recuperate the position of law enforcement is limited to a single field of investigation and often limited to post mortem research on smartphone or computer while wiretapping is limited to metadata information. Therefore, it provides only historical data or metadata while law enforcement officers want a continuous stream of live and substantive information. This paper identified that gap in available scenarios for law enforcement investigations and identified a gap in methods available for forensic acquiring and processing these scenarios. In this paper, we propose a forensic approach to create real-time insight in the WhatsApp communication. Our approach is based on the wiretapping, decrypting WhatsApp databases, open source intelligence and WhatsApp Web communication analysis. We also evaluate our method with different scenarios in WhatsApp forensics to prove its feasibility and efficiency.