iForensics: Forensic Analysis of Instant Messaging on Smart Phones

  • Mohammad Iftekhar Husain
  • Ramalingam Sridhar
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 31)


Smart phones with Internet capability are growing in popularity, due to many of their useful capabilities. Among other handy features of smart phones, Instant Messaging (IM) is very popular due to the level of convenience it provides in interpersonal communications. As the usage of IM on smart phone is increasing rapidly, it is important to take measures in advance from forensic standpoint forecasting the potential use of it in cyber crimes such as the cyber stalking and cyber bullying. Although, current IM applications for smart phones are in most cases a downsized version of the one used on traditional computers, diverse structure of file systems and storage device on different smart phones pose unique challenges to forensic examiners for recovering digital evidences of a conversation under investigation. In this work, we study and report the forensic analysis of three different IMs: AIM, Yahoo! Messenger and Google Talk, (both client based and web based version) on Apple iPhone. Our results show that the forensic analysis of IMs on smart phones has significant value and needs further attention.


smart phone forensics instant messaging chat forensics iPhone forensics 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Apple-iPhone-Mobile phone, iPod and Internet device,
  2. 2.
    Vaughn, S.C.: MobileSyncBrowser,
  3. 3.
    Yahoo! Messenger for the iPhone,
  4. 4.
    AIM on iPhone - Discover AOL,
  5. 5.
    Google Mobile | Talk for your iPhone,
  6. 6.
  7. 7.
    Richardson, W.: How To Mount Your iPhone Filesystem On Your Desktop In Ubuntu (2007),
  8. 8.
  9. 9.
  10. 10.
    How to Jailbreak Your iPhone in Under a Minute,
  11. 11.
  12. 12.
    Yahoo Messenger for the Web,
  13. 13.
  14. 14.
    Zdziarski, J.: iPhone Forensics. O’reilly Media, California (2008)Google Scholar
  15. 15.
    Punja, S.G., Mislan, R.P.: Mobile Device Analysis. Small Scale Digital Device Forensics Journal 2(1), 1–16 (2008)Google Scholar
  16. 16.
  17. 17.
    Reust, J.: AOL Instant Messenger Trace Evidence. Digital Investigation 3(4), 238–243 (2006)CrossRefGoogle Scholar
  18. 18.
    Parsonage, H.: The Forensic Recovery of Instant Messages from MSN Messenger and Windows Live Messenger (2008),
  19. 19.
    Dickson, M.: An examination into Yahoo Messenger 7.0. Digital Investigation 3(3), 159–165 (2006)CrossRefGoogle Scholar
  20. 20.
    Kiley, M., Dankner, S., Rogers, M.: Forensic Analysis of Volatile Instant Messaging. Advances in Digital Forensics 4, 129–138 (2008)Google Scholar
  21. 21.
    Computer Investigation, Electronic Evidence - ACPO Guideline (2009),
  22. 22.
  23. 23.
    Device Seizure, Paraben Forensic Tools,
  24. 24.
    Wolf, Sixth Legion,
  25. 25.
  26. 26.
  27. 27.
  28. 28.
  29. 29.
    SQLite Database Browser,
  30. 30.
    plist Editor for Windows,
  31. 31.
  32. 32.
  33. 33.

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2010

Authors and Affiliations

  • Mohammad Iftekhar Husain
    • 1
  • Ramalingam Sridhar
    • 1
  1. 1.University at Buffalo, State University of New YorkBuffalo

Personalised recommendations