Volume 11 Issue 1 ( March )

Digital forensics has a pivotal role in advancing Sustainable Development Goals (SDGs) by enhancing accountability, ensuring digital security, and contributing to environmental sustainability. Digital forensics facilitates investigations for justice, strengthens cybersecurity for resilient infrastructure, and supports environmental sustainability by analyzing data and investigating environmental crimes. WhatsApp's disappearing messages feature, which enables messages to disappear after a user-defined duration, poses new challenges in digital forensics. Criminals can potentially abuse this feature to eliminate message evidence. This research proposes a novel approach to obtaining digital evidence from WhatsApp's disappearing messages using the NIST SP 800-101r1 method. Six scenarios are simulated: forwarded messages, quoted messages, media messages, offline recipients, call history, and unread messages. Forensic analysis of six scenarios from 11–14 June 2023 reveals that 83.33% of disappeared messages could be recovered from backup files and notification logs, while the rest could not be recovered due to missing backup files.

Keywords: disappearing message; forensic analysis; NIST SP 800-101r1; unrooted Android; WhatsApp