Authors: Alexandros Vasilaras (University of Athens), Donatos Dosis (University of West Attica), Michael Kotsis (University of West Attica), Panagiotis Rizomiliotis (University of Athens)
DFRWS APAC 2022
Abstract
One of the most popular instant messaging applications and platforms is Telegram. In this paper, an investigation into digital forensics on Telegram is provided, deployed on contemporary android mobile phones. Due to its structure complexity, it is very challenging for forensic tools and software to properly decode its data during a forensic examination, and, especially, when it comes to deleted records retrieval. For the analysis, a realistic scenario was implemented by exchanging thousands of messages and media files among four active Telegram users, while trying to recover content from deleted text messages and exchanged picture files. Abundance of modern and up to date forensic software and tools were utilized to verify and crosscheck the results.