Today's smartphones and tablets use different applications and software for all sorts of purposes: communication, entertainment, fitness, to share images with each other, to keep up to date with the news and lots of different daily tasks. With the heavy usage of all these apps, it is no wonder that it comes with a few issues. Private data is stored in large quantities both on the local device and on the app-creators' servers. It is no wonder that applications advertising user secrecy and transient storage of user data. One of these applications is Snapchat, with over 500 million downloads on Google Play store, at the time of writing. Snapchat is a communication application with the niched feature that the images and messages sent, disappear once opened or after 24 hours have passed. With the illusion of privacy behind Snapchats niche it has become a breeding ground for criminal activity. The niche itself translates to a troublesome hurdle for law enforcement trying to retrieve evidence from devices of Snapchat users. This paper is aimed to investigate these issues and perform a methodology to retrieve potential evidence on a device using Snapchat to send images and messages. By performing a physical acquisition on a test device and analyzing to find artifacts pertaining to Snapchat and the test-data that was created. The method is performed on a Samsung Galaxy S4 with Android 5.0.1 running Snapchat version 10.52.3.0. Test data such as different images and messages were created and attempted to be retrieved at three points in time. First one being right after data creation. Second one after a restart and 24 hours after the data was created. And the third with 48 hours passed and the Snapchat user logged out at the time of acquisition. The acquisition resulted in the extraction of several sent images and a full text conversation between the experimental device and another party. A full video which was uploaded by the receiving user was able to be extracted even though the experimental device never actually viewed the video. The second acquisition which was made when 24h had passed gave the same results as the first one. This meant that time at least up to a day after the initial creation of the data did not have any effect on the evidence. However, when the Snapchat user was logged out from the application, the data was then unobtainable and had disappeared. Presumably Snapchat has a function which deletes personal data about the user when logged out from the application. This function might become a hurdle in law enforcement investigations where the application Snapchat is involved.
Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:hh-40207 |
Date | January 2019 |
Creators | Nordin, Anton, Liffner, Felix |
Publisher | Högskolan i Halmstad, Akademin för informationsteknologi, Högskolan i Halmstad, Akademin för informationsteknologi |
Source Sets | DiVA Archive at Upsalla University |
Language | Swedish |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0024 seconds