WhatsApp fraud has emerged as a significant cybercrime threat, exploiting the platform’s wide user base through social engineering and malware-based attacks. This study investigates a WhatsApp fraud case by analyzing digital artifacts to uncover the perpetrator’s modus operandi and provide structured guidance for law enforcement. Using the Digital Forensics for Incident Response (D4I) Framework in conjunction with Cyber Kill Chain (CKC) mapping, five key artifacts were identified and evaluated quantitatively based on their strength of evidence (v) and reliability (r). The results show that the malicious APK and source code containing a Telegram bot token constitute primary evidence with the highest probative value, while the Manifest.xml file and hidden background application serve as supporting evidence, and contextual indicators such as sender information provide limited legal weight. These findings highlight the importance of differentiating artifacts by evidentiary significance and demonstrate the value of the proposed scoring methodology. The study has limitations, as it is based on a simulated case and relies partly on expert judgment in scoring criteria. Future research should apply the approach to other platforms and fraud scenarios, and explore automation to enhance objectivity and scalability. Beyond its academic contributions, the study offers a structured rubric for prioritizing evidence and emphasizes the need for standardized evaluation frameworks in digital forensic policy and practice, ultimately strengthening the legal robustness of, and societal trust in, digital investigations.
Copyrights © 2025