Live Forensics Analysis of Line App on Proprietary Operating System

Abstract

The development of computer technology is increasing rapidly. This has positive and negative effects. One of the negative effects that occurred was the use of Line applications to conduct online shop fraud. Line is one of the instant messenger applications that can be used on computers, especially on Windows 8.1 operating system computers. Applications that run on the computer leave traces of data on Random Access Memory (RAM). Data left in RAM can be obtained using digital forensic techniques, namely live forensics which is used when the computer is running and connected to the internet. This study aims to find digital evidence regarding cases of online shop fraud using the National Institute of Standards and Technology (NIST) method. Digital evidence can be obtained using forensic tools, namely RamCapturer, FTK Imager and Winhex. RamCapturer is used to acquire data in RAM, FTK Imager is used for imaging and Winhex is used to analyze data that has been taken. The results obtained in this study were conversational recordings consisting of conversation time, conversation content and conversation status which could be digital evidence in uncovering the online shop fraud crime that occurred.