Applied Sciences (Nov 2022)
Mobile Cyber Forensic Investigations of Web3 Wallets on Android and iOS
Abstract
Constant advancements in technology have a significant impact on our everyday lives and the ecosystem in which we live. The growing popularity of cryptocurrencies (e.g., Bitcoin and Ethereum), along with Non-Fungible Tokens (NFTs), which are founded on blockchain technology, has opened the way for these blockchain projects to be integrated into a wide range of other kinds of applications (apps). Today, cryptocurrencies are used as a popular method of payment online; however, their popularity on the dark Web is also increasing. For example, they can be used to buy and perform various illegal activities among criminals due to their anonymity. Web3 cryptocurrency wallets, used to store cryptocurrencies, have not been studied as thoroughly as many other apps from a digital forensic perspective on mobile devices, given the increasing number of these services and apps today for many platforms, including the leading mobile operating systems (i.e., iOS and Android). Therefore, the purpose of this research is to guide investigators to unlock the full potential of popular cryptocurrency Web3 wallets, Trust Wallet and Metamask, to understand what can be recovered, and to look at areas where there are knowledge gaps. We digitally analyzed and forensically examined two mobile wallets that do not require any personal identifiers to register and are widely used for Web3 cryptocurrencies on Android and iOS devices. We review the digital evidence we have collected and discuss the implications of the forensic tools we have used. Finally, we propose a proof of concept extension to the iOS Logs, Events, And Plists Parser (iLEAPP) tool to automatically recover artifacts.
Keywords
