Identifikasi Bukti Digital WhatsApp pada Sistem Operasi Proprietary Menggunakan Live Forensics (Identification of WhatsApp Digital Evidence on a Proprietary Operating System Using Live Forensics)

2018 ◽  
Vol 10 (1) ◽  
pp. 18-22
Author(s):  
Imam Riadi ◽  
Sunardi Sunardi ◽  
Muhamad Ermansyah Rauli

Rapid development of computer technology is also accompanied by an increase in cybercrime. One of the most common crimes is fraud in online shops. This crime abuses WhatsApp, one of the most popular Instant Messenger (IM) applications. WhatsApp is one of the IM applications that can be used on computers, especially on the Windows 8.1 operating system. All applications running on the computer leave data and information in Random Access Memory (RAM). The data and information that exist in RAM can be obtained using a digital forensic technique called Live Forensics. Live forensics can be used when the computer is running and connected to the network. This research aims to find digital evidence related to an online shop fraud case. The digital evidence can be obtained using one of the forensic tools, FTK Imager. FTK Imager can retrieve and analyze data and information in RAM. The result obtained in this research is the content of WhatsApp conversations that can be used as digital evidence to reveal a fraud in the online shop.

Author(s):  
Imam Riadi ◽  
Sunardi Sunardi ◽  
Muhamad Ermansyah Rauli

The development of computer technology is increasing rapidly. This has positive and negative effects. One of the negative effects that occurred was the use of Line applications to conduct online shop fraud. Line is one of the instant messenger applications that can be used on computers, especially on Windows 8.1 operating system computers. Applications that run on the computer leave traces of data on Random Access Memory (RAM). Data left in RAM can be obtained using digital forensic techniques, namely live forensics which is used when the computer is running and connected to the internet. This study aims to find digital evidence regarding cases of online shop fraud using the National Institute of Standards and Technology (NIST) method. Digital evidence can be obtained using forensic tools, namely RamCapturer, FTK Imager and Winhex. RamCapturer is used to acquire data in RAM, FTK Imager is used for imaging and Winhex is used to analyze data that has been taken. The results obtained in this study were conversational recordings consisting of conversation time, conversation content and conversation status which could be digital evidence in uncovering the online shop fraud crime that occurred.


2021 ◽  
Vol 5 (1) ◽  
pp. 45-54
Author(s):  
Imam Riadi ◽  
Rusydi Umar ◽  
Muhammad Irwan Syahib

Viber is one of the most popular social media in the Instant Messenger application category that can be used to send text messages, make voice calls, send picture messages and video messages to other users. As many as 260 million people around the world have used this application. The increasing number of Viber users certainly brings positive and negative impacts; one of the negative impacts of this application is the use of digital forensic crime. This research simulates and removes digital crime evidence from the Viber application on Android smartphones using the National Institute of Standards and Technology (NIST) method, which is a method that has work guidelines on forensic policy and process standards to ensure each investigator follows the same workflow so that their work is documented and the results can be accounted for. This study uses three forensic tools: MOBILedit Forensic Express, Belkasoft and Autopsy. The results in this study show that MOBILedit Forensic Express gets digital evidence with a percentage of 100% in getting accounts, contacts, pictures and videos, while proof of digital chat is only 50%. Belkasoft gets digital evidence with a percentage of 100% in getting accounts, contacts, pictures and videos, while proof of digital chat is only 50%. Autopsy does not give the expected results in the extraction process; in other words, the Autopsy application gives zero results. It can be concluded that MOBILedit Forensic Express and Belkasoft have a good performance compared to Autopsy, and thus this research has been completed and succeeded in accordance with the expected goals.


Repositor ◽  
2020 ◽  
Vol 2 (10) ◽  
Author(s):  
Salma Azizah ◽  
Sri Ayu Ramadhona ◽  
Kenny Willy Gustitio

Cybercrime is increasing along with the advance of technology. Online shop fraud is one of the crimes that occurs frequently. This crime exploits one of the fairly popular Instant Messenger applications, namely Telegram. Desktop-based Telegram is one of the applications that can be run on computers, in particular computers running the Windows 10 operating system. All applications run on a computer leave data and information in Random Access Memory (RAM). That data and information can be obtained from RAM using the live forensics technique, which can be used while the computer is running and connected to the internet. This research aims to find digital evidence in an online shop fraud case. The digital evidence was obtained using the FTK Imager tool by acquiring the computer's RAM to get the data and information in RAM. The result of this research is evidence of the conversation between the suspect and the victim using Telegram, to uncover the online shop fraud crime.


2017 ◽  
Vol 2 (11) ◽  
pp. 8-16
Author(s):  
Moses Ashawa ◽  
Innocent Ogwuche

The fast-growing usage of instant messaging applications on Android mobile devices has brought about a proportional increase in the number of cyber-attack vectors that could be perpetrated on them. Android mobile phones store a significant amount of information in the various memory partitions when Instant Messaging (IM) applications (WhatsApp, Skype, and Facebook) are executed on them. As a result of the enormous crimes committed using instant messaging applications, and the amount of electronic traces of evidence that can be retrieved from a suspect's device, where an investigation could convict or refute a person in a court of law, mobile phones have become a vulnerable ground for digital evidence mining. This paper aims at using forensic tools to extract and analyse digital evidence artefacts left by IM applications on Android phones, using Android Studio as the virtual machine. The digital forensic investigation methodology by Bill Nelson was applied during this research. Some of the key results obtained showed how digital forensic evidence such as call logs, contact numbers, sent/retrieved messages, and images can be mined from simulated Android phones when running these applications. These artefacts can be used in a court of law as evidence during cybercrime investigation.


2021 ◽  
Vol 3 (1) ◽  
pp. 32-44
Author(s):  
Nuril Anwar ◽  
Murein Miksa Mardhia ◽  
Luthfi Ryanto

Google is known to still track the user's location even though the GPS settings and location history in the smartphone settings have been turned off by the user. This requires special handling to prove the location on smartphones with inactive GPS and to view the Location History previously used by the user. The research investigates whether Google is still recording its users' location data. Live forensics requires data from the running system, or volatile data, which is usually found in Random Access Memory (RAM) or in transit on the network. Investigations are carried out using a Google account with a method used by live forensics to obtain results from the location history. Smartphones have been checked manually through a data backup made with a custom recovery that has been installed. When checking the backup filesystem, it turned out that no location data is stored. Therefore, researchers conducted an analysis on the Google Account, which was analyzed using a forensic tool for analyzing cloud services to obtain location data results. The results of the analysis showed a similarity in location from the 8-day investigations. Google can still find the location of smartphones with GPS disabled, but the location results are not accurate. Google can store user location data via cellular networks, Wi-Fi, and sensors to help estimate the user's location. The process of extracting the results from the Google Maps log using a Google account will be analyzed using the Elcomsoft Cloud eXplorer and Oxygen Forensic Cloud Extractor so that the log location results are still available by Google.


2020 ◽  
Vol 11 (2) ◽  
pp. 174-185
Author(s):  
Ratri Ayunita Kinasih ◽  
Arif Wirawan Muhammad ◽  
Wahyu Adi Prabowo

Digital data theft greatly worries social media users, especially users of Facebook and Instagram, which are the social media with the largest numbers of users. The browser used to access social media must have its security assured. Analysing browsers to find out which browser is the safest to use for accessing social media is very important, so that social media users need not worry about data theft. The browsers analysed are Google Chrome, Mozilla Firefox, and Microsoft Edge. This research was carried out using a scenario with the live forensics technique so that the data obtained is still recorded in Random Access Memory (RAM), in particular volatile data such as email and password. In this research, digital evidence such as email, password, username, and other personal data was obtained using the FTK Imager tool.

Keywords: Browser, Facebook, FTK Imager, Instagram, Live Forensics


2017 ◽  
Vol 8 (2) ◽  
Author(s):  
Slobodan Obradović ◽  
Borivoje Milošević ◽  
Nikola Davidović

For decades, the memory hierarchy was determined based on latency, bandwidth, and cost between processors, random access memory (RAM), and secondary memory. Although the gap between the processor and RAM has been dampened by fast cache memory, the gap between RAM and secondary memory has remained challenging, expanding to 12 size range in 2015 and continuing to expand by around 50% per year. The rapid development of nanotechnology has triggered a new field in the organization of memory space. For more than a decade, FRAM - ferro random access memory has been in use, which keeps data in the form of a polarization of the ferroelectric crystal that does not lose polarization after the power is turned off. The real revolution is expected in the use of magnetic resonance random access memory (MRAM), which represents data storage technology using magnetic moments, not electric charges. Unlike conventional RAM chips, data in MRAM are not stored as an electrical charge, but with magnetic storage elements. The advantage of this memory is energy independence, that is, the storage of recorded data and the absence of power supply. MRAM has similar properties as SRAM, similar to the density of the record as dynamic RAM (DRAM), with much less consumption, and in relation to flash, it is much faster and with time does not degrade its performance. Theoretically, there is no limit to the number of read and write, so new memories could last unlimited. The paper will discuss this new type of memory organization.


2019 ◽  
Vol 1 (1) ◽  
pp. 32
Author(s):  
Tri Rochmadi

Cybercrime continues to increase and innovate along with the rapid development of the internet, which is more easily accessible everywhere. Most business organizations use the internet for their operations, so the use of browsers is a necessity to support work. Browsers in turn adjust to improve security on the user's side so that information accessed by users cannot be known by other users. Browzar is a browser that answers these challenges: Browzar can run without having to be installed on the computer and automatically deletes information generated by the use of the browser itself. However, these advantages become a challenge for investigators because they can be exploited by cybercriminals to eliminate or minimize existing digital evidence. This study intends to analyze and find digital evidence in criminal cases using Browzar with live forensics. Digital evidence is obtained using DumpIt for data acquisition and forensic Volatility memory and WinHex to analyze data and information in RAM. The results of the study were able to obtain information that could be used as digital evidence on the Browzar web browser, namely URL history, the account used to log in (username and password), and the timestamp, that is, the user's access time to a web page.


Author(s):  
Danar Cahyo Prakoso ◽  
Imam Riadi ◽  
Yudi Prayudi

Information technology has become an essential thing in the digital era as it is today. With the support of computer networks, information technology is used as a medium for exchanging data and information. Much information is confidential. Therefore, security is also essential. Metasploit is one of the frameworks commonly used by penetration testers to audit or test the security of a computer system legally, but it does not rule out the possibility that Metasploit can also be used for crime. For this reason, it is necessary to carry out a digital forensic process to uncover these crimes. In this study, a simulation of attacks on Windows 10 will be carried out with Metasploit. Then the digital forensics process uses live forensics techniques on computer RAM, where the computer RAM contains information about the processes running on the computer. The live forensic technique is important because information on RAM will be lost if the computer is off. This research will use FTK Imager, Dumpit, and Magnet RAM Capture as the RAM acquisition tool and Volatility as the analysis tool. The results of the research have successfully shown that the live forensics technique in RAM is able to obtain digital evidence in the form of an attacker's IP, evidence of exploits/Trojans, processes running on RAM, operating system profiles used and the location of the exploits/Trojan when executed by the victim.


2020 ◽  
Vol 4 (5) ◽  
pp. 829-836
Author(s):  
Ikhsan Zuhriyanto ◽  
Anton Yudhana ◽  
Imam Riadi

Current crime is increasing, one of which is the crime of using social media, although no crime does not leave digital evidence. Twitter application is a social media that is widely used by its users. Acts of crime such as fraud, insults, hate speech, and other crimes lately use many social media applications, especially Twitter. This research was conducted to find forensic evidence on the social media Twitter application that is accessed using a smartphone application using the Digital Forensics Research Workshop (DFRWS) method. These digital forensic stages include identification, preservation, collection, examination, analysis, and presentation in finding digital evidence of crime using the MOBILedit Forensic Express software and Belkasoft Evidence Center. Digital evidence sought on smartphones can be found using case scenarios and 16 variables that have been created so that digital proof in the form of smartphone specifications, Twitter accounts, application versions, conversations in the way of messages and status. This study's results indicate that MOBILedit Forensic Express digital forensic software is better with an accuracy rate of 85.75% while Belkasoft Evidence Center is 43.75%.

