Professional Documents
Culture Documents
Ijcsdf 8 1 Forensicanalysisofandroid Basedwhatsappmessengeragainstfraudcrime PDF
Ijcsdf 8 1 Forensicanalysisofandroid Basedwhatsappmessengeragainstfraudcrime PDF
net/publication/336411253
CITATIONS READS
9 2,351
2 authors, including:
Imam Riadi
Ahmad Dahlan University
240 PUBLICATIONS 1,986 CITATIONS
SEE PROFILE
All content following this page was uploaded by Imam Riadi on 11 October 2019.
89
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 89-97
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
case. Digital forensics can also be interpreted as the browser, then the two applications can access each
collection and analysis of data from various other simultaneously and identically.
computers of computer power including computer
2.3 Mobile Forensics
systems, computer networks, communication lines,
Mobile forensic devices data taken from the phone
and appropriate storage media to be presented in
by itself can be used as evidence.This evidence can
court [6].
be the foundation when investigating a case by law
2.2 WhatsApp Messenger Forensics enforcement agencies. There is some evidence that
Live memory has different goals and needs while can be extracted from the phone. The types of
doing forensic activities.This framework can get evidence that can be extracted from the phone
forensic information when an event has ended or can include contact numbers, call logs, SMS messages,
be categorized as we search for information with the audio files, emails, and internet history. These
help of log/history database of WhatsApp artifacts can be extracted by either logical or
application.Using this framework is very easy and physical frameworks. Logically it is extracted with
requires only log/history database written in the the device using some special tools. Software or
smartphone with the help of tools. In Figure 1 shows
tools that can extract these artifacts are very limited.
illustrates the Forensic WhatsApp frameworkology
So forensic investigators will find it difficult to carry
using Live Memory [4].
out this work in a timely fashion [7].
90
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 89-97
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
91
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 89-97
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
2) Examination
In the acquisition, a stage is done imaging
process which where each smartphone will be
a different way of process imaging in
accordance with the operating system and Figure 4 Selection Process Source File to be
in Imaging
mobile devices used and different
characteristics. There are 5 choices of source files. The
a) Early Smartphone Detection with FTK investigator selects the selected source file
Imager application of the Physical Drive because it is in the
In Table 2 shows smartphone 1 and 2 are form of a flash or can be said to drive
already in root condition, but which can be physically. In Figure 5 shows the result of
detected by FTK Imager only smartphone SHA1 Hash.
1 by activating USB Debugging and the
smartphone is detected on ADB.
Table 2 Preliminary Process of Smartphone
Detection with FTK Imager using USB
92
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 89-97
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
93
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 89-97
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
94
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 89-97
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
is_WhatsApp_user,status,status_timestamp,
number.
95
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 89-97
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
the evidence required and obtained. In the 5) User Acceptance Test ( UAT)
artifacts include conversations, photos, voice From the testing results, the percentage of
notes, call history and others, but in this FTK Imager is (60%), Autopsy is (52%),
research researchers only focus on conducting Oxygen Forensic Suite is (44%) the
analysis on conversations stored in the percentage is taken from the highest value in
database only. the discovery of artifacts of the column. Based on liker's interpretation of
evidence or evidence in the form of two the distance category between 41% - 60%
smartphones as shown on Table 3. belonging to a fairly high interpretation, the
Table 3 Information on Findings of Evidence from assessment for the forensic tools and
Both Smartphones at Can applications includes quite appropriate and
Information Smartphone 1 Smartphone 2 can be used as a tool for analyzing forensic
Mobile phone +628133481133 +6281217550
investigations in finding digital evidence.
number 6 285
username Berry Helmy
Contact 72 285 V. CONCLUSION
Conversation 9 20 Based on the stages of Mobile Forensic and the
Encrypted 9 7 flow of the NIST framework conducted in this
Databases research succeeded in producing information
From the results of the above analysis has presented in the form of disclosure of fraudulent
been expressed that the message sent by criminals from findings in the form of evidence
smartphone 2 contains the notification of the artifacts in the form of chat message conversation
sessions, user telephone numbers, message sending
winner of the present and smartphone 1 is the
id numbers, and account owner identities.
recipient of the message. So for the
WhatsApp and get other media files that can be
perpetrator in this scenario is smartphone 2
used as evidence and also the most important
because that sends messages first and contains
encrypted database backup files.
elements of fraud Because of the name of the
agency. Proof that smartphone 2 is the VI. REFERENCES
perpetrator of the crime of fraud shown on 1. G. M. Zamroni, R. Umar, and I. Riadi,
Figure 18. “Forensic Analysis Instant Messaging
Aplication Based on Android,” Annu. Res.
Semin., vol. 2, no. 1, pp. 102–105, 2016.
96
International Journal of Cyber-Security and Digital Forensics (IJCSDF) 8(1): 89-97
The Society of Digital Information and Wireless Communications (SDIWC), 2019 ISSN: 2305-001
97