Application of Static Forensics Method for Extracting Steganographic Files on Digital Evidence Using the DFRWS Framework

2020 ◽  
Vol 4 (3) ◽  
pp. 576-583
Author(s):  
Sunardi ◽  
Imam Riadi ◽  
Muh. Hajar Akbar

Steganography is one of the anti-forensic techniques that allow criminals to hide information in other messages so that, during the investigation, the investigator will experience problems and difficulty in getting evidence of the original information on the crime. Therefore, an investigator is required to be able to find and extract (decode) hidden content using the right tools when opening messages into which data has been inserted by steganography techniques. The purpose of this study is to analyze digital evidence using the static forensics method by applying the six stages of the Digital Forensics Research Workshop (DFRWS) framework and extracting steganography from files that have been compromised, based on case scenarios involving digital crime. The tools used are FTK Imager, Autopsy, WinHex, Hiderman, and StegSpy. Extraction succeeded for 9 of the 10 files scanned for steganography, a 90% success rate; in the remaining 10% the steganographic file was not found. It can be concluded that the files extracted from steganographic messages can be used as legal digital proof according to law.

2021 ◽  
Vol 15 (1) ◽  
pp. 41-47
Author(s):  
Sunardi Sunardi ◽  
Imam Riadi ◽  
Rusydi Umar ◽  
Muhammad Fauzan Gustafi

Audio is one of the digital items that can reveal what happened in a case. However, audio evidence can also be manipulated and changed to hide information. Audio forensics is a technique to identify the sound's owner from the audio using pitch, formant, and spectrogram parameters. The conducted research examines the similarity of the original sound with the manipulated voice to determine the owner of the sound. It analyzes the level of similarity or identical sound using spectrogram analysis with the Digital Forensics Research Workshop (DFRWS) method. The research objects are original and manipulated files. Both files are in mp3 format, which is encoded to WAV format. Then, the live forensics method is used by picking up the data on a smartphone. Several applications are also used. The results show that the research successfully gets digital evidence on a smartphone with the Oxygen Forensic application. It extracts digital evidence in the form of two audio files and two video files. Then, by the hashing process, the four obtained files are proven to be authentic. Around 90% of the data are identical to the original voice recording. Only 10% of the data are not identical.


Author(s):  
Mohammad Zunnun Khan ◽  
Anshul Mishra ◽  
Mahmoodul Hasan Khan

This chapter covers the evolution of cyber forensics from the 1980s to the current era. It was the era when computer forensics came into existence after the personal computer became a viable option for consumers. The formation of digital forensics is also discussed here. This chapter also covers the formation of cyber forensic investigation agencies. The cyber forensic life cycle and its related phases are discussed in detail. The role of international organizations in computer evidence is discussed, with emphasis on the Digital Forensic Research Workshop (DFRWS), the Scientific Working Group on Digital Evidence (SWGDE), and chief police officers' involvement. Evidence related to authenticity, accuracy, and completeness is also discussed. The most important thing that is discussed here is the cyber forensics data.


Kursor ◽  
2019 ◽  
Vol 9 (3) ◽  
Author(s):  
Anton Yudhana ◽  
Imam Riadi ◽  
Ikhwan Anshori

Facebook Messenger is a popular social media application. The increasing number of Facebook Messenger users has both positive and negative impacts; one of the negative effects is its use for digital crime. One way to obtain digital evidence is digital forensics. Digital forensics can be done on a smartphone used by criminals. This research aims to recover as much evidence of digital crime as possible from Facebook Messenger. In this study, the forensic tools Magnet AXIOM and Oxygen Forensics Suite 2014 were used, following the National Institute of Standards and Technology (NIST) method. NIST has work guidelines for both policies and standards to ensure that each examiner follows the same workflow so that their work is documented and the results can be repeated and maintained. Magnet AXIOM and Oxygen Forensics Suite 2014 obtained digital evidence in the form of accounts, conversation texts, and images. This study successfully demonstrated the results of an analysis of forensic tools and digital evidence on Facebook Messenger. In the performance evaluation of forensic tools in the acquisition process, Magnet AXIOM is considered the best, compared with Oxygen Forensics Suite 2014.


Author(s):  
Prof. Sachin Babulal Jadhav

Digital crimes are taking place all over the world. For any digital crime committed in any part of the world, a computer or other electronic device is used. The devices used to commit the crime are useful evidence, which must be identified and protected for further use. Crimes involving electronic devices are called cyber-crime. To investigate such crimes, a scientific procedure needs to be followed. The collection, analysis, preservation and presentation of digital evidence are a must in order to investigate cyber-crime. This paper highlights the practices that are used worldwide in the investigation process of cyber-crime. Keywords: Digital Forensics, Analysis, Investigation, models of investigation.


2020 ◽  
Vol 4 (4) ◽  
pp. 730-735
Author(s):  
Imam Riadi ◽  
Sunardi ◽  
Panggah Widiandana

Cyberbullying in group conversations in one of the instant messaging applications is one of the conflicts that occur due to social media, specifically WhatsApp. This study conducted digital forensics to find evidence of cyberbullying by obtaining work in the Digital Forensic Research Workshop (DFRWS). The evidence was investigated using the MOBILedit Forensic Express tool as an application for evidence submission and the Cosine Similarity method to approve the purchase of cyberbullying cases. This research has been able to conduct procurement to reveal digital evidence on the agreement in the Group's features using text using MOBILedit. Identification using the Cosine method. Similarities have supported actions that lead to cyberbullying with different levels Improved Sqrt-Cosine (ISC) value, the largest 0.05 and the lowest 0.02 based on conversations against requests.  


2020 ◽  
Vol 17 (1) ◽  
pp. 17-42
Author(s):  
Aymen Akremi ◽  
Hassen Sallay ◽  
Mohsen Rouached ◽  
Rafik Bouaziz

Digital forensics is an emerging research field involving critical technologies for obtaining evidence in digital crime investigations. Several methodologies, tools, and techniques have been developed to deal with the acquisition, preservation, examination, analysis, and presentation of digital evidence from different sources. However, newly emerging infrastructures such as service-oriented architecture have brought serious new challenges for digital forensic research; ensuring that evidence will be neutral, comprehensive, and reliable in such a complex environment is a challenging research task. To address this issue, the authors propose in this article a generic conceptual model for digital forensics methodologies to enable their application in a service-oriented architecture. Challenges and requirements to construct a forensically sound evidence management framework for these environments are also discussed. Finally, the authors show how digital forensics standards and recommendations can be mapped to service-oriented architecture.


Symmetry ◽  
2020 ◽  
Vol 12 (1) ◽  
pp. 104 ◽  
Author(s):  
Sandeepak Bhandari ◽  
Vacius Jusas

Acquiring a clear perspective of events and artefacts that occur over time is a challenging objective to accomplish in digital forensics. Reconstruction of the timeline of events and artefacts, which enables digital investigators to understand the timeline of digital crime and interpret the conclusion in the form of digital evidence, is one of the most paramount and challenging tasks in digital forensics. This challenging task requires the analysis of immense amounts of events because of the explosive growth of the internet, interconnected devices, and innovative technology nowadays. Various approaches have been developed during the last decade, but most of them are not able to handle huge volumes of data, explore evidence, and enhance the understandability of timelines in a competent way to assist the investigator. For this purpose, we introduce a methodology backed by an abstraction concept and forensic tools that can support investigators during the reconstruction, understanding of the timeline of events and artefacts, and interpretation of evidence by tracing the activities performed by users of the typical computer system. The Java programming language is used to implement the proposed methodology, which is object-oriented and follows the symmetry definition in software. Generally, symmetry in software can be viewed as an invariant change that aims to preserve a specific property of the system, namely its structure, behaviour, regularity, similarity, familiarity and uniformity. Similarly, the abstraction-based methodology also permits us to follow the properties of symmetry. For instance, a uniform structure is stipulated for all the sources at the particular level of abstraction, such as the number of fields to be considered to provide the abstract level of timeline. The primary purpose of this approach is to assist with the analysis of the timeline in an optimum way. 
This paper illustrates the approach and then focuses on conceptual aspects of the methodology. The performed experiment shows that the proposed approach enhanced the analysis of the timeline.


2018 ◽  
Vol 5 (2) ◽  
pp. 73-83
Author(s):  
Hussein Abed Ghannam

WhatsApp is a giant mobile instant messaging (IM) application with over 1 billion users. The huge usage of IM applications like WhatsApp on the dominant smartphone platform, Android, gives digital forensic researchers reason to study it deeply. The artefacts left behind on the smartphone play a very important role in any electronic crime or terror attack. WhatsApp, as the biggest IM application in the world, is considered a very important resource for gathering information about any digital crime. Recently, end-to-end encryption and many other important features were added, and no device forensic analysis or network forensic analysis studies had been performed at the time of writing this paper. This paper explains how we are able to extract the Crypt Key of WhatsApp to decrypt the databases and extract the valuable artefacts that reside in the Android system without rooting the device. Artefacts extracted from the latest version of WhatsApp have been analysed and correlated to give new, valuable evidentiary traces that help in investigations. Many hardware and software tools for mobile forensics are used to collect as much digital evidence as possible from persistent storage on an Android device. Some of these tools are commercial, like UFED Cellebrite and Andriller, and others are open source tools such as Autopsy, adb, and WhatCrypt. All of these forensically sound tools were used in this research to discover many artefacts that reside in the Android internal storage of the WhatsApp application.


2020 ◽  
Vol 3 (2) ◽  
pp. 72-81
Author(s):  
Khairunnisak Khairunnisak ◽  
Hamid Ashari ◽  
Adam Prayogo Kuncoro

Currently, changes in image quality result in low-resolution images, faded colors, and so on. This condition potentially attracts irresponsible parties to take advantage of the situation for certain purposes. Nowadays, it is very easy for people to manipulate, change, or delete the original information in a digital image, which causes the authenticity and integrity of the image to be doubted. This study is conducted with the specific objective of proving the authenticity of digital evidence for analysis by providing detailed illustrations of the role of digital forensics in accordance with applicable legal regulations in Indonesia using the NIST workflow. The research flow begins with uncovering the background of the problem, collecting data, making scenarios, applying the NIST method, and making conclusions. The illustration used in the scenario is a video inserted into digital evidence. The video used in this research is the Cyanide Coffee Case with the suspect Wayan Mirna Salihin, which happened on August 16, 2016, and was uploaded by the Kompas TV channel on YouTube. The NIST analysis phases used several tools: Exiftools, Forevid, and Video Cleaner. The result indicates that all phases in the NIST method are correlated with each other. The result is particularly clear in the collection phase. The discovery of hidden information causes the examination and analysis process to be more complex, especially the extraction process of digital evidence in the form of images. Indeed, the use of various tools is more helpful in disclosing the existing information. This information can be seen from the results of metadata, hash value, and image sharpness from the analyzed digital evidence.


2021 ◽  
Vol 5 (1) ◽  
pp. 45-54
Author(s):  
Imam Riadi ◽  
Rusydi Umar ◽  
Muhammad Irwan Syahib

Viber is one of the most popular social media in the Instant Messenger application category that can be used to send text messages, make voice calls, and send picture messages and video messages to other users. As many as 260 million people around the world have used this application. The increasing number of Viber users certainly brings positive and negative impacts; one of the negative impacts of this application is the use of digital forensic crime. This research simulates and removes digital crime evidence from the Viber application on Android smartphones using the National Institute of Standards and Technology (NIST) method, which is a method that has work guidelines on forensic policy and process standards to ensure each investigator follows the same workflow so that their work is documented and the results can be accounted for. This study uses three forensic tools: MOBILedit Forensic Express, Belkasoft and Autopsy. The results in this study show that MOBILedit Forensic Express gets digital evidence with a percentage of 100% in getting accounts, contacts, pictures and videos, while proof of digital chat is only 50%. Belkasoft gets digital evidence with a percentage of 100% in getting accounts, contacts, pictures and videos, while proof of digital chat is only 50%. Autopsy does not give the expected results in the extraction process; in other words, the Autopsy application gives zero results. It can be concluded that MOBILedit Forensic Express and Belkasoft have a good performance compared to Autopsy, and thus this research has been completed and succeeded in accordance with the expected goals.

