A Forensic Analysis Visualization Tool for Mobile Instant Messaging Apps

Abstract

In this study, we demonstrate the role of visualization to facilitate forensic analysis goal in interpreting metadata of evidence of interest to answer who, what, why, when, where, and how an incident occurred. Two mobile Instant Messaging (IM) applications (i.e. WhatsApp and Line) were deployed as a case study.  Subsequently, a tool – W*W Visualizer – was designed and developed with the aims to analyze and visualize the connection of evidence metadata, text frequency and word count, and display report of analysis activities. The tool is developed by adopting Object-Oriented Software Development Model with Visual Studio platform and C# language were used to develop the system. Our findings show that W*W Visualizer could transform the data of the chat database into a visual form, for example graph, chart and word cloud. The tool also allows the user to perform search feature such as searching based on keyword and timestamp from the IM chat history. It is expected that outcomes from this study would significantly influence digital forensics practitioners in analyzing and interpreting evidence data, and judicial authorities in understanding the presentation of evidence.