Authors: Hailey Johnson (University of New Haven), Karl Volk (University of New Haven), Robert Serafin (University of New Haven), Cinthya Grajeda-Mendez (University of New Haven), and Ibrahim Baggili (University of New Haven)
DFRWS USA 2022
Mainstream social platforms boast billions of users worldwide. In recent years, popular social platforms have seen a decline in their users that are choosing to migrate to alternative-tech social applications reinforced by frustrations of mainstream social platforms over alleged censorship of free speech and banning of predominant public figures such as the former president of the United States (U.S.). As such, group effect of similar minded users on alternative-tech social platforms may lead to fostering events such as the U.S. Capitol attack on January 6th, 2021, where the spreading of false information and extremist ideologies through alt-tech applications such as Parler and MeWe took place. These cases demonstrate the immense forensic need to understand how alternative-tech social applications operate and what they store about their users’ personal information and activities. We present the primary account for the digital forensic study of (n = 9) alternative-tech social applications used on Android and iOS devices. Our analysis includes Parler, MeWe, CloutHub, Wimkin, Minds (Minds Mobile and Minds Chat), SafeChat, 2nd1st, and GETTR. Results revealed that some applications do store unencryted user information on the devices, such as usernames, phone numbers, email addresses, posts and comments, and private chat messages. Furthermore, some security vulnerabilities were discovered that allow users to download data that should have been private (such as sent private images) without authentication and authorization by other users. Finally, to aid in the analysis and automatic extraction of relevant evidence, we share Alternative Social Networking Applications Analysis Tool (ASNAAT), that automatically aggregates forensically relevant data from the alt-tech social applications when presented with a mobile device’s forensic image.