Creating and sharing knowledge for telecommunications

Post-mortem digital forensic artifacts of TikTok Android App

Domingues, P. ; Nogueira, RN ; Francisco, JCF ; Frade, M. F.

Post-mortem digital forensic artifacts of TikTok Android App, Proc International Workshop on Digital Forensics / International Conference on Availability, Reliability and Security WSDF-ARES, Dublin, Ireland, Vol. , pp. - , August, 2020.

Digital Object Identifier: 10.1145/3407023.3409203

Abstract
TikTok is a social network known mostly for the creation and sharing of short videos and for its popularity for those under 30 years old. Although it has only appeared as Android and iOS apps in 2017, it has gathered a large user base, being one of the most downloaded and used app. In this paper, we study the digital forensic artifacts of TikTok's app that can be recovered with a post mortem analysis of an Android phone, detailing the databases and XML with data that might be relevant for a digital forensic practitioner. We also provide the module tiktok.py to extract several forensic artifacts of TikTok in a digital forensic analysis of an Android phone. The module runs under Autopsy's Android Analyzer environment. Although TikTok offers a rich set of features, it is very internet-dependent, with a large amount of its inner data kept on the cloud, and thus not easily accessible in a post mortem analysis. Nonetheless, we were able to recover messages exchanged through the app communications channels, the list of TikTok users that have interacted with the TikTok account used at the smartphone, photos linked to the app and in some circumstances, TikTok's videos watched by the smartphone's user.