Analyzing TikTok from a Digital Forensics Perspective
TikTok is a major hit in the digital mobile world, quickly reaching the top 10 installed applications for the two main mobile OS, iOS and Android. This paper studies Android’s TikTok application from a digital forensic perspective, analyzing the digital forensic artifacts that can be retrieved on a post mortem analysis and their associations with operations performed by the user. The paper also presents FAMA (Forensic Analysis for Mobile Apps), an extensible framework for the forensic software Autopsy, and FAMA’s TikTok module that collects, analyzes, and reports on the main digital forensic artifacts of TikTok’s Android application. The most relevant digital artifacts of TikTok include messages exchanged between TikTok so-called “friends”, parts of the email/phone number of registered users, data about devices, and transactions with TikTok’s virtual currency. One of the results of this research is the set of forensic traces left by users’ transactions with TikTok’s in-app virtual currency. Another result is the detection of patterns that exist in TikTok’s integer IDs, allowing to quickly link any 64-bit TikTok’s integer ID to the type of resources – user, device, video, etc. – that it represents.