![]() However, the pictures sent through kik can still be found by going to Kik.android\f\staging\thumbs: As with iOS, the picture messages are not represented in the database file. In Android we were able to see who sent what message, but other than that, the same information is represented. The Android database file is a bit different than iOS. In that table we found relevant information like the time messages were sent, what the messages said, and who sent them: ![]() These files are the memes and sketches sent and received within kik that aren’t represented in “ZKIKMESSAGE”.Ī lot of the relevant information that we found from kik was within: Kik.android\db\kikDatabase.db We loaded kikDatabase.db into SqliteBrowser and went into the “messagesTable” table. iOS stores the attachments sent through kik in: \Documents\attachments within that folder files are created: The reason this field had “c4df6a8f-e180-4d99-a4ed-f8a45ddda87b” instead of being blank is because this picture message was sent by using the camera app on the phone, whereas the other pictures were sent directly through kik using their built in meme and sketch functions.Īlthough the fields may be blank, it is still possible to find what images were sent. We aren’t sure why this message is different than the others, but we have a possible explanation. For some reason, one of the messages above says “c4df6a8f-e180-4d99-a4ed-f8a45ddda87b” which was a picture that was received and wasn’t an actual text message. There are also some message fields that are blank, this is because no text was actually ever sent, and instead it was a picture message. There are also some messages that have “”, these “” are stored in place of an emoji. The message timestamps are stored in EPOCH. In that table we found relevant information like the time messages were sent, the time they were received and what the messages said: We loaded kik.sqlite into SqliteBrowser and went into the “ZKIKMESSAGE” table. iOS Artifacts:Ī lot of the relevant information that we found from kik was within: \kik.sqlite. During data generation, we sent messages back and forth between the two devices and used some kik specific messaging features like memes and sketches. ![]() We generated data on both Android and iOS and then imaged the devices using Cellebrite UFED Touch. We have already started our research into kik and have been able to find some great artifacts. In addition to these two new apps, we would still like to research WhatsApp and dig deeper into our research on Cyber Dust & Wickr. In the second semester of Mobile Device Apps Forensics we are planning on adding two new apps to our research: Kik and GroupMe. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |