EFFICIENCY AND RELIABILITY OF FORENSIC TOOLS IN RECOVERING ANDROID WHATSAPP DATA: A COMPARATIVE STUDY

The global increase in mobile phone usage and internet access has contributed to a corresponding rise in cybercrimes, which are not confined to specific geographical regions. Mobile devices involved in criminal activities provide valuable investigative data, thereby increasing the importance of mobile forensics. WhatsApp, as the most widely used instant messaging application, facilitates extensive information exchange. However, frequent application updates and enhanced device security pose challenges to forensic data extraction, necessitating efficient techniques to maximize recoverable data within limited timeframes. This study aims to develop a database of commercially available mobile devices by examining 30 Android smartphones using MSAB XRY and Oxygen Forensic^® Detective. Data extraction methods included logical, file system, and physical techniques, applied according to each tool’s capabilities. The extracted WhatsApp database comprised media files, call logs, text messages, and application log entries. Statistical analysis revealed significant differences between the tools, with MSAB XRY retrieving a higher volume of WhatsApp-related files compared to Oxygen Forensic^® Detective.