Blog >> Android GroupMe

Investigating Android GroupMe

03/02/2023 Friday

GroupMe is a cross platform instant messaging application available on both Android and iOS. The app has various features enabling users to create and manage groups, share information and updates, schedule events, polls, and surveys. Additionally, the app gives users the ability to share their location and make voice and video calls. GroupMe also offers a wide range of customized options for personalizing the user experience.

Digital Forensics Value of GroupMe

GroupMe keeps records of user’s activities stored locally on the device such as the accounts that the local user has logged in with on the device, the messages sent and received by the local user, details related to groups, contacts and more. This data can be helpful during a digital analysis to determine the connection between individuals, the timing and location of communications and so on.

Location of GroupMe Artifacts

GroupMe artifacts are found in the following location:
data/ /app_webview/Default/Cookies

Analyzing GroupMe with ArtiFast

This section will discuss how to use ArtiFast to extract GroupMe from Android and what kind of digital forensics insights we can gain from the artifacts.

After you have created your case and added evidence for the investigation, at the Artifact Selection phase, you can select GroupMe artifacts.

Once ArtiFast parser plugins complete processing the artifact for analysis, it can be reviewed via “Artifact View” or “Timeline View,” with indexing, filtering, and searching capabilities. Below is a detailed description of Android GroupMe artifacts in ArtiFast.

Android GroupMe Contacts Artifact

Android GroupMe Messages Artifact

Android GroupMe Groups Artifact

Android GroupMe Accounts Artifact

Android GroupMe Cookies Artifact

For more information or suggestions please contact: [email protected]