Abstract
Digital forensics is a field that concerned with finding and presenting evidence sourced from digital devices, such as computers and mobile phones. Most of the forensic analysis software is proprietary, and eventually, specialized analysis software is developed in both the private and public sectors. This paper presents an alternative of forensic analysis tools for digital forensics, which specifically to analyze evidence through keyword indexing and searching. Keyword Indexing and Searching Tool (KIST) is proposed to analyze evidence of interest from WhatsApp chat text files using keyword searching techniques and based on incident types. The tool was developed by adopting the Prototyping model as its methodology. KIST includes modules such as add, edit, remove, display the indexed files, and to add WhatsApp chat text files. Subsequently, the tool is tested using functionality testing and user testing. Functionality testing shows all key functions are working as intended, while users testing indicates the majority of respondents are agree that the tool is able to index and search keyword and display forensic analysis results.
Highlights
Digital forensics is a field of analyzing and interpreting electronic data to be used as digital evidence in a court of law (Reith, Carr, & Gunsch, 2002)
A personal computer that belongs to the suspect or the victim may indicate to the criminal activity, in which a forensic analysis on a personal computer is conducted to provide evidence that can be presented in the court proceedings
We proposed KEYWORD INDEXING AND SEARCHING TOOL (KIST) as a tool with the implementation of keywords searching that is based on incident types
Summary
Digital forensics is a field of analyzing and interpreting electronic data to be used as digital evidence in a court of law (Reith, Carr, & Gunsch, 2002). The increasing use of computing devices posed digital forensics as a significant field to gather digital evidence that may be used to prosecute or to defend a suspect in a court. A personal computer that belongs to the suspect or the victim may indicate to the criminal activity, in which a forensic analysis on a personal computer is conducted to provide evidence that can be presented in the court proceedings. 5) Analysis - forensics investigator uses the appropriate tool to analyze the digital evidence. This study involves the analysis phase in which forensic investigators use the proposed tool to undertake forensic analysis in WhatsApp text file 1) Identification - identify digital evidence from indicators and determines its type. 2) Preservation - the digital evidence found at the crime scene is preserved for further analysis. 3) Collection - record the physical scene and duplicate digital evidence using appropriate procedures. 4) Examination - identifying the potential evidence in order to do an in-depth systematic search with the related evidence to the suspected crime. 5) Analysis - forensics investigator uses the appropriate tool to analyze the digital evidence. 6) Presentation - the last phase that summarizes and explains the conclusion of the investigation process.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
