Digital Forensic Analysis of Telegram Application on Android as Digital Evidence

KanakSasak
4 min read · Jun 23, 2023
digital forensics

Our journey today is about embarking on the complex yet intriguing path of digital forensics, specifically focusing on the Telegram application on Android devices. We’ll delve into the intricacies of extracting, analyzing, and interpreting digital evidence, a trail of digital breadcrumbs that may hold the answers to questions posed by investigators.

The expansive field of digital forensics has been growing by leaps and bounds, keeping pace with the fast-evolving technological landscape. As we dive deep into this realm, we will explore how the seemingly invisible traces left behind on an Android device running Telegram can be unearthed and used as pivotal digital evidence. We’ll witness the amalgamation of law and technology, shedding light on the critical role digital forensics plays in contemporary society.

Fasten your seat belts as we take you through this fascinating journey where science meets law, bits meet justice, and where a simple chat history can turn into solid evidence, unraveling truths and aiding in the establishment of justice.

Methodology

This research uses the investigation process from McKemmish.

Investigation Flow step for digital forensics

The figure above is from McKemmish: there are 4 processes or steps in digital forensics. This is the first digital forensics framework.

Identifying

This step identifies the material to be used as digital evidence, where the evidence is stored, and assesses the impact of the activities that will be performed by the user. This research uses an Android Virtual Device for the experiment and Telegram version 9.6.7 for Android as the messenger. The goal of this study was to identify any leftover data from Telegram messaging usage on the Android Virtual Device.

Preserving

In this step we gather information about the evidence in the Telegram messaging app. To collect the evidence, we connect to the Android Virtual Device with adb and find the Telegram folder. We then image the folder with the dd command and transfer the image to the host client computer with adb pull.

1. The first step of acquisition is to open an adb shell, then gain root access.

2. Create a tar file.

3. Run the imaging process with the dd command to create an img file.

4. Pull to the host client: after the imaging process, the image is pulled from the AVD.
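The four preservation steps above as one script, with a SHA-256 digest taken on the device and again on the host so the pulled image can be shown to be unchanged. This is an added example, not the commands used in the original research. It assumes a rootable AVD image, the package directory `/data/data/org.telegram.messenger`, a staging directory `/sdcard/Download`, the file names `telegram.tar`, `telegram.img` and `acquisition.log`, and `tar`, `dd` and `sha256sum` on both device and host.

```shell
#!/bin/sh
# Added example, not the article's own commands.
# Assumed names: package directory, staging directory, telegram.tar/telegram.img.
PKG_DIR=${PKG_DIR:-/data/data/org.telegram.messenger}
STAGE=${STAGE:-/sdcard/Download}

# Keep only the digest from "digest  filename" output.
digest() { awk '{print $1}'; }

# acquire OUTDIR: tar the app folder on the device, image the tar with dd,
# hash the image on the device, pull it, and compare with the host-side hash.
acquire() {
    out=$1
    mkdir -p "$out" || return 1
    adb root >/dev/null && adb wait-for-device || return 1
    adb shell "tar -cf $STAGE/telegram.tar -C ${PKG_DIR%/*} ${PKG_DIR##*/}" || return 1
    adb shell "dd if=$STAGE/telegram.tar of=$STAGE/telegram.img bs=4096" 2>/dev/null || return 1
    dev_hash=$(adb shell "sha256sum $STAGE/telegram.img" | digest)
    adb pull "$STAGE/telegram.img" "$out/telegram.img" >/dev/null || return 1
    host_hash=$(sha256sum "$out/telegram.img" | digest)
    # Record both digests with a UTC timestamp for the case notes.
    printf '%s device=%s host=%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$dev_hash" "$host_hash" >> "$out/acquisition.log"
    [ -n "$dev_hash" ] && [ "$dev_hash" = "$host_hash" ]
}

# verify IMG LOG: re-hash a working copy before analysis and compare it
# with the host digest recorded at acquisition time.
verify() {
    logged=$(tail -n 1 "$2" | sed 's/.* host=//')
    [ "$(sha256sum "$1" | digest)" = "$logged" ]
}

# Usage: sh acquire.sh ./evidence
if [ "$#" -gt 0 ]; then
    acquire "$1" && echo "image verified: $1/telegram.img"
fi
```

Run `verify` again on the copy that is loaded into the analysis tool; a mismatch means the working copy no longer matches what was acquired.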

Analyzing

After the preservation step, the evidence cannot be read or taken directly, so tools are needed to assist in analyzing the evidence and continuing the analysis process. There are several

The scenario runs on the AVD: we connect to the device with ADB, then open a shell to gain root access.

View the image file in Autopsy 4.20.0.

There is a chat from the scammer persuading the victim to access a phishing link.

In the response, the victim agreed to fill in the form at the phishing link.

Figure . User phone number

The figure above shows the phone number of the CS BANK GOJA Telegram account.

Presenting

In court, one of the main objectives of digital forensics is to help prove the cybercrime. The result presents all the mobile forensics activities that were performed. Hopefully this research will be useful to cybersecurity researchers, forensic analysts, cyberlaw practitioners and investigators.
