Investigating Emojis: Do You Speak Emoji?

My purpose in this article is to offer a perspective that may be of value to you during your investigations. The information I provide may also shed some light on digital forensic investigations and media investigations. These are PAST experiences prior to 2018.

Investigating emojis is like speaking another language; however, if you find the common meaning of what an emoji stands for, you will have a point of reference for basic conversation. Just as when you are learning a new language, whether for cultural reasons or to understand a new form of “slang,” certain words or emojis will differ in meaning and dialect; not all emojis are created equal.

In a past case dealing with narcotics, a burner phone was obtained during the apprehension and we were tasked with doing forensics on it. During the forensic discovery, we noted that the dealer used emojis to communicate, as well as GPS for location drops; barely any words were used. As we dug into the meaning behind the use of emojis on the narcotics phone, we were able to decipher the hidden language.

An example below was a similar extraction where, as we can see, the emojis did most of the talking. Establishing how the values of the emojis correlated to the value of the street items is how this drug dealer was prosecuted.

It is important to understand the emoji language, its interpretation, the context with the specific device, and the individual you are doing the forensic discovery on. Further, it is important to understand the presumed crime and overall matter of interest. Understanding and deciphering these language bites can help bridge a communication gap that some may not understand.

To understand the alternative meanings of emojis, find out how they are being interpreted and how you can understand them better; research is going to be your best friend. It also helps to understand the person in question and whether the interpretation of those emojis differs with that person's culture or other factors. You may find yourself in a highly complex case where tools such as Axiom and Cellebrite will carry you forward to a certain point, but it will be up to you to determine and decipher what an emoji stands for. If it’s beyond your capability, you may need to consult with a professional or conduct more research.

Ricoh Danielson is a cyber security researcher with areas of focus in digital forensics, incident response, and overall cyber security. He is a graduate of Thomas Jefferson School of Law, Colorado Tech University, UCLA, and Villanova University. Ricoh was the owner of a digital forensics firm, Fortitude Tech, where he assisted in the preservation of digital evidence by means of digital forensics. Ricoh was one of the founders of EXXO Tech learning as well. Ricoh has also led the veteran community in development and education.

