Forensic Analysis of Telegram Messenger

On the methodology of forensic analysis of artifacts created on Android smartphones, Telegram Messenger is described in this article. This methodology is based on the development of a set of experiments suitable for generating artifacts and storing them on a storage device, as well as using virtualized smartphones to ensure common results and full repeatability of experiments, so that our results can be reproduced and verified by a third party.

 


You will be able to identify through the application of this methodology.

All the artifacts left by Telegram Messenger on Android smartphones, and the authors showed how these artifacts can provide a lot of information about the investigation cost. As a result, in this article the authors will show:

1. How to restore contact list.
2. How to determine the essential properties of different chats, groups and channels.
3. How to restore the voice call log.

The authors of the methodology plan to investigate the spread of this methodology to other mobile platforms (in particular, iOS and Windows Phone).

 

More.