Abstract
WeChat is one of the most popular instant messaging applications in the world. In 2021, WeChat had 1.24 billion active users. Its users call it a "super app" because of its many functions, and they particularly value the payment feature for both personal and business purposes. Criminals have abused the platform to facilitate illegal activities such as bank fraud. Previous research on WeChat has focused mostly on the app's messaging function; it has rarely been examined as a wallet or payment app. The payment feature on WeChat can provide crucial evidence, especially in scam cases. This research therefore intends to fill the gap by performing a forensic analysis of the WeChat payment function on Android devices. The research has five stages: device preparation, data population, data extraction, analysis, and reporting. Five activities were examined: registering a credit card in the account, sending and receiving money with a contact, performing money transactions with a corporate account, making a payment through the Service portal, and requesting the complete payment history from the official Weixin Pay account. The results show that money transactions between contacts and money transactions through the Service portal can be fully recovered. Partial information can be retrieved when users register credit cards or purchase official account services. However, no data on payment history could be recovered from the official Weixin Pay account. Magnet Axiom Process and Examine tools were used for image extraction and artifact analysis.
Copyright information
© 2023 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Zhou, J., Karabiyik, U. (2023). Watch Your WeChat Wallet: Digital Forensics Approach on WeChat Payments on Android. In: Goel, S., Gladyshev, P., Nikolay, A., Markowsky, G., Johnson, D. (eds) Digital Forensics and Cyber Crime. ICDF2C 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 508. Springer, Cham. https://doi.org/10.1007/978-3-031-36574-4_6
DOI: https://doi.org/10.1007/978-3-031-36574-4_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-36573-7
Online ISBN: 978-3-031-36574-4
eBook Packages: Computer Science (R0)