A Framework of Forensic Analysis and Visualization: Using WhatsApp Chat Data as a Case Study

Shahnaz Pirzada - Universiti Tun Hussein Onn Malaysia, Parit Raja, Johor, 86400, Malaysia
Nurul Hidayah Ab Rahman - Universiti Tun Hussein Onn Malaysia, Parit Raja, Johor, 86400, Malaysia
Niken Dwi Wahyu Cahyani - Universiti Tun Hussein Onn Malaysia, Parit Raja, Johor, 86400, Malaysia
Muhammad Fakri Othman - Universiti Tun Hussein Onn Malaysia, Parit Raja, Johor, 86400, Malaysia


DOI: http://dx.doi.org/10.62527/joiv.8.3-2.2868

Abstract


Digital forensic analysis involves studying and analyzing acquired evidence artifacts using methodical approaches. However, examining unstructured data can be time-consuming and difficult in the forensic examination phase. Automation in digital forensic processes has recently been seen as a potential solution to improve analysis processes. Therefore, we propose a forensic analysis and visualization framework via exploratory data analysis (EDA) using WhatsApp chat datasets as a case study. Univariate and multivariate EDA visualization models were applied to the datasets. The framework's utility was demonstrated through forensic analysis simulation scenarios: linkage (interaction), attribution (who was responsible), origination (evaluation of source), and sequencing (timeline). The simulation was conducted in a controlled experiment environment using Python scripting. The aim was to test the extent to which EDA visualization models can visualize complete and accurate artifacts based on the scenarios. Our evidence-based findings demonstrated the suitability of specific univariate and multivariate models in visualizing complete and accurate data. The framework was able to visualize key metadata such as incoming and outgoing chats, sender identification, communication timeline, and shared media. The findings suggested that the EDA approach aligns with forensic analysis, as it helps describe investigative clues by analyzing data patterns. Additionally, an expert review was conducted, in which the experts confirmed the adequacy of the simulation scenarios and the usefulness of the forensic visualization. Furthermore, the results of this study could aid in presenting evidence in a court of law.


Keywords


Forensic analysis; Forensic visualization; Instant messaging apps; Mobile forensics; Mobile communication apps
