Watch Your WeChat Wallet: Digital Forensics Approach on WeChat Payments on Android

WeChat is one of the most popular instant messaging applications in the world. In 2021, WeChat had 1.24 billion active users. Its users call it ‘super app’ due to its various functions, and they particularly enjoy the payment feature for both personal and business purposes. Criminals abused the platforms to facilitate illegal activities such as bank fraud. Previous research on WeChat focused mostly on the messaging function of the WeChat app, but it has rarely been considered as a wallet or payment app. The payment feature on WeChat can provide crucial evidence, especially for scam cases. Therefore, this research intends to fill the gap by performing a forensic analysis of the WeChat payment function on Android devices. This research has five stages: device preparation, data population, data extraction, analysis, and reporting. In this research, five activities were examined: registering a credit card in the account, sending and receiving money with contact, performing money transactions with the corporate account, making payment through theService portal, and requesting the complete payment history from the official Weixin Pay account. The result shows that money transactions between contacts and money transactions throughService portalcan be fully recovered. Partial information can be retrieved when users register for credit cards or purchase official account services. However, no data on payment history could be recovered from the official Weixin Pay account. Magnet Axiom Process and Examine tools were used for image extraction and artifact analysis.