Uncovering Signal : Simplifying Forensic Investigations of the Signal Application

• Main Authors: Liljekvist, Erika, Hedlund, Oscar
• Format: Others
• Language: English
• Published: Högskolan i Halmstad, Akademin för informationsteknologi 2021
• Subjects: Signal; Encryption; Digital forensics; Database analysis; Decryption; SQLCipher; Jailbreak; Objection; FRIDA; Open-source; Digital forensic tool; Computer Systems; Datorsystem
• Online Access: http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-44835

The increasing availability of easy-to-use end-to-end encrypted messaging applications has made it possible for more people to conduct their conversations privately. This is something that criminals have taken advantage of and it has proven to make digital forensic investigations more difficult as methods of decrypting the data are needed. In this thesis, data from iOS and Windows devices is extracted and analysed, with focus on the application Signal. Even though other operating systems are compatible with the Signal application, such as Android, it is outside the scope of this thesis. The results of this thesis provide access to data stored in the encrypted application Signalwithout the need for expensive analysis tools. This is done by developing and publishing the first open-source script for decryption and parsing of the Signal database. The script is available for anyone at https://github.com/decryptSignal/decryptSignal.