A Digital Evidence Analysis of the Twinme Application on Android Based on INTERPOL Guidelines for Digital Forensics Laboratories

A Digital Evidence Analysis of the Twinme Application on Android Based on INTERPOL Guidelines for Digital Forensics Laboratories

연구 분야: Analysis

학회: 2024 International Conference on Information Technology and Computing (ICITCOM)

The Twinme application on Android (referred to as Twinme) is one of the Instant Messaging applications that uses end-to-end encryption in communication. The ever-evolving security features of this application can be misused by criminals to protect themselves from being monitored by authorities. For example, a criminal can exploit Twinme by using an alias when involved in a drug trafficking network. Handling this kind of problem requires the role of digital forensics to provide information to investigators in finding digital evidence. This study aims to conduct an analysis of digital evidence on Twinme in a test environment of an Android smartphone version 11 in a rooted condition. The selection of the Android operating system is based on its widespread use worldwide. There are three scenarios used: normal usage of the application, manual deletion, and the disappearing message feature. This study adapts the INTERPOL guidelines to examine digital evidence from Twinme usage, tailored to the device used. The artifacts found can then be reconstructed into digital evidence and analyzed to extract additional usage information. This information can be valid digital evidence in cases of criminal activity, contributing to the overall forensic process and helping in building a legal case. The analysis results show that even though Twinme has a mechanism for deleting messages, both manually and automatically, proper digital forensic techniques can still reveal significant digital artifacts. Therefore, applications such as Twinme remain vulnerable to forensic analysis that can reveal evidence in the context of criminal investigations.