International Journal of Innovations in Engineering and Management, Vol. 4; No. 2: ISSN: 2319-3344 (July-Dec 2015) www.gtia.co.in 1 Evidence Gathering of Line Messenger on iPhones Vineeta Jain, Divya Rish Sahu, Deepak Singh Tomar Department of Computer Science, Maulana Azad National Institute of Technology, Bhopal (M P), India Email: vineetajain.jecrc@gmail.com, divyarishi.sahu@manit.ac.in, deepaktomar@manit.ac.in Abstract: The contemporary Smartphone has built-in Instant Messaging (IM) applications like Whatsapp, Line, etc, which facilitates users to send and receive chat messages, video, audio and images via Smartphone in real time. Apart from benefits offered by Instant Messaging (IM), it also suffers from few vulnerabilities which provide ground for attackers to launch attacks such as Man-in-the-middle attack (MITM). These applications leave traces and Evidences in phone. In order to identify crimes, it is essentially required to retrieve these traces and evidences by using appropriate forensic technique. The works carried out in this field deals with forensic analysis of Whatsapp, viber, ChatOn etc but not with forensic analysis of Line messenger, even though number of users of Line messenger is more than 500 million. In this work, evidence subjected to Line messenger has been extracted from iPhone running ios 6. This paper presents evidence gathering of Line IM application which proves beneficial for forensic analysts and practitioners as it assists them in course of mapping and locating digital evidences of Line messenger on iPhone. Keywords: Instant Messaging, Mobile Instant Messaging, Evidence Gathering, Forensic Models, Logs Accepted On: 29.07.2015 1. Introduction Decades back, the source of communication existing between humans has been letters, telegram, wireless radio, SMS etc. With the arrival of ICQ, a brand new approach of text- based online communication using laptops or PC known as instant messaging, emerged and developed promptly. The popularity of IM hiked with the launch of other IM such as AOL, Yahoo messenger, MSN messenger etc. In 2009, with the introduction of Whatsapp, a wave of technology known as Mobile instant Messaging (MIM) which is defined as the proficiency to use instant messaging application on Smartphone engulfed the existing technologies. Later, in 2010 and 2011 many MIM applications surfaced as well such as Line, Viber, WeChat, Kakao Talk etc. In 2014, McKinsey and Company analyzed that the use of mobile instant messaging has increased from 5% to 85% [1]. Driven by the reducing cost and handiness of mobile data plans, along with the ease they provide to users, the use of MIM’s has became widespread. All that glitters is not gold so is the case with MIM applications. They are misused to perform cyber crime activities such as tampering, phishing, threatening, identity fraud etc. This paper explores the forensic evidences of Line messenger which is one of the most prominent and skill fully devised instant messaging application for IOS, android, tablet and desktop users. Line introduced in 2011 by Naver Corporation in South Korea [2]. It has over 560 million registered users [3]. It is recognized as being a "Fast and Light" messenger that is considered as the "The Number 1 Free App" in many countries, especially in South East Asia [2]. Despite the advantages imparted by LINE, it is vulnerable to threats. LINE IM application sends messages unencrypted over the internet. It makes LINE vulnerable to attacks such as Man-in-the-middle attack [4], eavesdropping, etc, which may lead to loss of confidential information such as login credentials, location coordinate etc. The results can be catastrophic. This work attempts to examine the evidences of Line messenger stored in internal memory of iPhone. The logs and database of Line have been extracted from iPhone. Database entries are further preprocessed and studied to scrutinize attributes and determine forensically relevant evidences. 2. Related Work The major requirement of a successful forensic analysis is its model. A forensic analyst need to incorporate an appropriate model based on the scenario. Therefore, applying feasible forensic model in a scenario has always been a concern of researchers and analysts.