Live Forensic to Identify the Digital Evidence on the Desktop-based WhatsApp

Abstract

The live forensics method was used to acquire lawful digital evidence data from device memory in the WhatsApp application, particularly for desktop-based WhatsApp. There has been little research on live forensics on desktop-based WhatsApp applications. These studies involve mimicking crime cases in cyberspace using the Instant Messenger application. Much of the acquisition process is completed only once, even though many possible conditions may arise during the purchase process. Investigators or experts can employ digital evidence data discovery to identify crimes that have occurred. The stages of research carried out in detecting digital evidence are data collecting, the examination process, and the acquisition of analysis and reporting outcomes. During the data-gathering phase, a case simulation dataset was obtained. The examination process stage results in the integrity of the duplicated data; data reduction is performed on data related to fundamental operating system components, influential application features, and incomplete data. According to the investigation findings, there are difficulties in looking for digital evidence, and the features of each digital evidence vary. The simulation file contained many reports on the finds of digital evidence. As a data acquisition method, the characteristics of live forensics are limited to the data retrieval process in RAM. Based on these findings, it is possible to conclude that the data collection and examination processing were completed effectively. The analysis results were acquired, and the report was presented with the indicated digital evidence. Further study can be paired with chip-off procedures on RAM devices for data recovery.