Live Forensic to Identify the Digital Evidence on the Desktop-based WhatsApp

  • Triawan Adi Cahyanto Universitas Muhammadiyah Jember
  • M Ainul Rizal Universitas Muhammadiyah Jember
  • Ari Eko Wardoyo Universitas Muhammadiyah Jember
  • Taufiq Timur Warisaji Universitas Muhammadiyah Jember
  • Daryanto Universitas Muhammadiyah Jember
Keywords: Live Forensics, Data Acquisition, Digital Evidence, Volatile Data, WhatsApp Desktop

Abstract

The live forensics method was used to acquire lawful digital evidence data from device memory in the WhatsApp application, particularly for desktop-based WhatsApp. There has been little research on live forensics on desktop-based WhatsApp applications. These studies involve mimicking crime cases in cyberspace using the Instant Messenger application. Much of the acquisition process is completed only once, even though many possible conditions may arise during the acquisition process. Investigators or experts can employ digital evidence data discovery to identify crimes that have occurred. The stages of research in detecting digital evidence are data collection, the examination process, and the acquisition of analysis and reporting outcomes. During the data collection phase, a case simulation dataset was obtained. The examination stage establishes the integrity of the duplicated data; data reduction is performed on data related to fundamental operating system components, influential application features, and incomplete data. According to the investigation findings, there are difficulties in looking for digital evidence, and the features of each item of digital evidence vary. The simulation file contained many reports on the findings of digital evidence. As a data acquisition method, live forensics is limited to the data retrieval process in RAM. Based on these findings, it is possible to conclude that the data collection and examination processing were completed effectively. The analysis results were acquired, and the report was presented with the indicated digital evidence. Further study can be paired with chip-off procedures on RAM devices for data recovery.

Published
2022-04-20
How to Cite
Triawan Adi Cahyanto, Rizal, M. A., Ari Eko Wardoyo, Taufiq Timur Warisaji, & Daryanto. (2022). Live Forensic to Identify the Digital Evidence on the Desktop-based WhatsApp. Jurnal RESTI (Rekayasa Sistem Dan Teknologi Informasi), 6(2), 213 - 219. https://doi.org/10.29207/resti.v6i2.3849
Section
Information Technology Articles