Digital Forensics Dispatch

Digital Forensics Blog
by Sensei Enterprises, Inc.

Chat Message Evidence: What Chat Apps Does the FBI Get the Most Information From?

December 2, 2021

Recently, Hadlee Simons at Android Authority published an article about what data the FBI gets from various chat applications through the legal processes they use. There are tons of apps available on mobile marketplaces that allow for users to chat with each other, but there are some big staples in use today. Applications such as WhatsApp, iMessage, Telegram, Signal and Viber are some of the more popular applications out there.

Many of the messaging applications have been implementing or talking about their data security and privacy policies, touting features such as end-to-end encryption and what data is retained or stored on their servers. Simons writes, “Rolling Stone and Property of the People obtained an FBI document that details exactly what kind of information the bureau can obtain from various messaging apps with a warrant or subpoena.” The document can be found here on the Property of the People website.

There are two major messaging applications that stick out in that document as providing more data than others, WhatsApp and iMessage. Line is also in the same category as the previously mentioned applications. A search warrant provided to Apple for a specific account can return information such as the iCloud backup and the encryption keys associated with the backups if backups are enabled and being used.

Depending on the data that is being backed up to the iCloud, the FBI may very well have a copy of almost all the data that is on a phone synced to that iCloud account, including messages, pictures, videos, etc. What is even more interesting is that other application data can also be backed up to the iCloud, so those WhatsApp messages that are syncing to the iCloud will be included as well and can most likely be viewed by a digital forensic examiner with the proper digital forensic software.

There is also data that law enforcement such as the FBI can get through subpoenas and warrants to the companies, and that data will vary depending on the data that the companies have available and the language of the legal search authority. The recently released document by Property of the People shows what data can be gathered from the different search authorities.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology