ISSN No:-2456-2165
Abstract:- Computer forensics is one of the sciences used to track digital evidence on hardware or software. Flash disks are widely used because they are easy to carry and can store various kinds of files with large storage capacity. To be able to analyze, recover, and view hidden files, software such as AccessData FTK Imager 3.4 and Autopsy 4.0 is required, together with additional software, 7-Zip 17.0, to compress and extract files. In this study, scenario testing and experiments were carried out on a flash disk in which there was an Excel file that had been compressed using 7-Zip and disguised in a foto.jpg file using file merging steganography techniques. Using AccessData FTK Imager, an image file is created from the electronic evidence. The image file was analyzed using Autopsy. The result of this research is that there is a difference in the capacity of the foto.jpg file because it is a merger of 2 (two) files. In addition, the Excel file contains evidence of crime, namely the sale of illegal motorbikes, the place of the transaction, the coordinates of the location and the phone number of the suspect.

Keywords:- Computer forensics, flashdisk, digital evidence, steganography

I. INTRODUCTION

With the rapid development of technology, some industries have even moved to technology 4.0, where computer and cyber systems are more widely used to carry out their activities.

Technological advances will certainly result in the occurrence of new, more modern crimes. One of these crimes is cyber crime, where the perpetrators use computer media and networks to launch their actions. The patterns of crime that they use vary greatly, from the use of internet media and telecommunications to conventional methods they use to smooth their efforts in committing crimes. Criminals will hide evidence of their crimes at all costs. Although the perpetrators hide the evidence of their crimes, digital records can be searched and traced by forensic analysts using computer forensic methods. Therefore, the role of computer forensics is needed to reveal the perpetrators of the crime.

Computer forensics is a derivative discipline of computer security that discusses the finding of digital evidence after an event occurs. Computer forensic activity itself is a process of identifying, maintaining, analyzing, and using digital evidence according to applicable law. [7]

Disclosure of a case event requires strong evidence. Evidence obtained from computer storage media is referred to as digital evidence, which can be accounted for in court proceedings. The process of tracking and analyzing digital evidence uses a set of procedures to conduct thorough testing on a computer system using software and tools to extract and preserve evidence of criminal acts.

Much digital evidence is hidden, encrypted and even disguised by criminals with the aim of making it difficult for forensic analysts and investigators (such as police and people conducting investigations) to find, so that the evidence cannot be presented at trial because it is not strong and is irrelevant to the case being filed. Evidence can be disguised using steganography methods, ranging from simple methods to the use of encrypted files. The method used will slow down the computer forensic analysis process, because forensic analysts have to search for suspicious files and dissect the files one by one with certain software.

II. LITERATURE REVIEW

A. Digital Forensic
Digital forensics or computer forensics is a combination of legal and computer science disciplines in collecting and analyzing data from computer systems, networks, communications, wireless and storage devices. Digital forensics is also an application of the field of computer science and technology for the benefit of legal evidence.

Computer forensics is used by law enforcement because of the many legal cases that require the role of computer science in making it easier to find evidence so that it can be submitted in court.

B. Electronic Evidence
Electronic evidence is evidence that is physical and visually recognizable. Therefore, investigators and forensic analysts must already understand and recognize each item of electronic evidence when searching for evidence at a crime scene.

C. Digital Evidence
Digital evidence is data stored or transmitted using a computer that can support or refute a particular offense, or it can also be referred to as clues that point to important elements related to an offense [8].

Digital evidence is digital in nature and can be extracted or recovered from electronic evidence. The digital evidence must be sought by investigators and forensic analysts to then be researched and analyzed so that there is a connection between the files obtained and the case at hand in order to reveal crimes related to electronic evidence.
F. Analysis Tools
The research conducted is themed Forensic Computer Analysis by Performing Autopsy on Flashdisk Media, using various kinds of forensic tools commonly used to analyze forensic computers. The research only uses freeware, shareware and opensource type tools. The software used in this research is AccessData FTK Imager,

| File Type | File Name | MD5 |
|---|---|---|
| Images | foto.jpg | 577cbe24180a895fba3c01139305e412 |
| Videos | - | - |
| Audio | - | - |
| Archives | - | - |
| HTML | - | - |
| Office | - | - |
Fig. 1: Flowchart of Research Methodology.

A. Research Preparation
The preparation of the research made various kinds of literature studies, from digital evidence, forensic computer tools and features used and the use of flash drives as digital evidence, the last is the preparation and implementation of

A. Research Scenario
The scenario is that electronic evidence, namely a flash drive, was found at the scene of the crime, and no other electronic evidence was found, so that this electronic evidence is the only evidence in this scenario. The electronic evidence will be investigated by forensic analysts and investigators to shed light on who committed the crime.

B. Research Experiment
In the experiment, the file targeted as digital evidence is a photo.jpg file which is a merger of the files Image.jpg and price.zip using file merging steganography techniques. After that, the photo.jpg file is viewed using Windows properties, but nothing suspicious is seen.
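A merged file of this kind can be recognized by comparing where the JPEG image data ends with where the file ends. The following is an added example, not code from the paper: it walks the JPEG markers to find the true end of the image, reports any trailing bytes, and lists the members of a ZIP archive found there. The function names and the sample bytes (a JPEG skeleton with a placeholder ZIP appended) are constructed for illustration.

```python
import io
import struct
import zipfile

ZIP_LOCAL_SIG = b"PK\x03\x04"  # ZIP local file header signature

def jpeg_end(data: bytes) -> int:
    """Offset just past the real EOI marker. Segments are skipped by their
    length field, so an EOI inside an APPn payload (thumbnail) is ignored."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing JPEG SOI marker")
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:            # entropy-coded scan byte
            i += 1
            continue
        marker = data[i + 1]
        if marker == 0xD9:             # EOI: end of image
            return i + 2
        if marker == 0xFF:             # fill byte before a marker
            i += 1
        elif marker in (0x00, 0x01) or 0xD0 <= marker <= 0xD7:
            i += 2                     # stuffed 0xFF, TEM or RSTn: no length field
        elif i + 4 <= len(data):       # length-prefixed segment (APPn, DQT, SOS...)
            i += 2 + struct.unpack(">H", data[i + 2:i + 4])[0]
        else:
            break
    raise ValueError("no JPEG EOI marker found")

def inspect_merged_file(data: bytes) -> dict:
    """Report data stored after the image and list any ZIP carved from it."""
    end = jpeg_end(data)
    trailing = data[end:]
    report = {"jpeg_size": end, "trailing_bytes": len(trailing), "zip_members": []}
    pos = trailing.find(ZIP_LOCAL_SIG)
    if pos != -1:
        with zipfile.ZipFile(io.BytesIO(trailing[pos:])) as archive:
            report["zip_members"] = archive.namelist()
    return report

def build_sample() -> bytes:
    """Constructed stand-in for photo.jpg: JPEG skeleton + appended ZIP."""
    app0 = b"\xff\xe0" + struct.pack(">H", 8) + b"JF\xff\xd9IF"  # decoy EOI in payload
    sos = b"\xff\xda" + struct.pack(">H", 3) + b"\x00" + b"\x12\xff\x00\x34"
    cover = b"\xff\xd8" + app0 + sos + b"\xff\xd9"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("placeholder-price-list.txt", "constructed sample data")
    return cover + buf.getvalue()

if __name__ == "__main__":
    print(inspect_merged_file(build_sample()))
```

A non-zero trailing_bytes value is the same size discrepancy the study observed in the merged file; on real evidence the check should be run against a copy exported from the forensic image, never the original media.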
| No | Findings | Description |
|---|---|---|
| 1 | There is only 1 image file | photo.jpg |
| 2 | There is a file system on vol2 | FAT 32 |
| 3 | The existence of a formatted file system and cannot be recovered | there is a Deleted Files directory |
Analysis Result

Electronic evidence: Flashdisk Sandisk
Model Name: Cruizer Slice 8 GB
Serial Number: SDCZ37-008G
Digital Data: photo.jpg

The application used:
1. AccessData FTK Imager
2. Autopsy
3. 7-Zip

Details of Findings:
1. There is only 1 (one) image file in the electronic evidence
2. There is a file system, namely FAT 32
3. There is a file system that cannot be recovered
4. The photo.jpg file has differences in pixels and resolution
5. There is a file that is infiltrated in the photo.jpg file
6. There is an office file, namely Motorcycle Price List.xlsx which is inserted in the photo.jpg with the file merging method

Detailed analysis of findings (office file):
1. Illegal motorcycle sales without papers
2. The contact number (whatsapp) used as evidence is: 0888 888 999
3. Place of transaction opposite PP Layer Cake Shop Jl. Avocado IV Parung Panjang
4. Coordinates of the transaction location -6.359617, 106.560093
5. Password at the time of transaction "Buy 2 PP layers for selling"

Conclusions: By using forensic applications, it can make it easier for forensic analysts to find digital evidence that is hidden using simple steganographic methods.

Table 7: Compilation of analysis results