Digital forensic analysis involves studying and analyzing acquired evidence artifacts using methodical approaches. However, unstructured data can make the forensic examination phase time-consuming and difficult. Automation in digital forensic processes has recently been seen as a potential solution to improve analysis processes. Therefore, we propose a forensic analysis and visualization framework via exploratory data analysis (EDA) using WhatsApp chat datasets as a case study. Univariate and multivariate EDA visualization models were applied to the datasets. The framework's utility was demonstrated through forensic analysis simulation scenarios: linkage (interaction), attribution (who was responsible), origination (evaluation of source), and sequencing (timeline). The simulation was conducted in a controlled experiment environment using Python scripting. The aim is to test the extent to which EDA visualization models can visualize complete and accurate artifacts based on the scenarios. Our evidence-based findings demonstrated the suitability of specific univariate and multivariate models for visualizing complete and accurate data. The framework was able to visualize key metadata such as incoming and outgoing chats, sender identification, communication timeline, and shared media. The findings suggested that the EDA approach aligns with forensic analysis, as it helps describe investigative clues by analyzing data patterns. Additionally, an expert review was conducted, in which the experts confirmed the adequacy of the simulation scenarios and the usefulness of the forensic visualization. Furthermore, the results of this study could aid in presenting evidence in a court of law.
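The kind of tabulation that sits underneath such visualizations can be sketched as follows. This is an added example, not the paper's own code: it parses a constructed chat export and produces the per-sender, turn-taking, shared-media and hourly counts that univariate and multivariate plots would be drawn from. The export line layout, the sample messages and all function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample; the "MM/DD/YY, HH:MM - Sender: text" layout is an assumption
# (exported-chat date formats vary with device locale).
SAMPLE_EXPORT = """\
12/01/23, 09:15 - Alice: Are we still meeting today?
12/01/23, 09:17 - Bob: Yes, 3pm at the usual place
12/01/23, 09:18 - Alice: <Media omitted>
12/01/23, 21:40 - Bob: Sent you the file
with a second line of text
12/02/23, 08:05 - Messages and calls are end-to-end encrypted.
12/02/23, 08:06 - Alice: Got it
"""

LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{2}), (\d{2}:\d{2}) - (.*)$")
MEDIA_PLACEHOLDER = "<Media omitted>"

def parse_export(text):
    """Parse export text into records; sender is None for system notices."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m is None:
            if records:  # continuation of a multi-line message
                records[-1]["text"] += "\n" + raw
            continue
        date, clock, rest = m.groups()
        sender, sep, body = rest.partition(": ")
        if not sep:  # no "Sender: " prefix, so treat as a system notice
            sender, body = None, rest
        ts = datetime.strptime(f"{date} {clock}", "%m/%d/%y %H:%M")
        records.append({"ts": ts, "sender": sender, "text": body})
    return records

def summarize(records):
    """Counts per scenario: who sent, who answered whom, who shared media, when."""
    chats = [r for r in records if r["sender"] is not None]
    senders = [r["sender"] for r in chats]
    stamps = [r["ts"] for r in chats]
    return {
        "per_sender": Counter(senders),  # attribution
        "turns": Counter(p for p in zip(senders, senders[1:]) if p[0] != p[1]),  # linkage
        "media": Counter(r["sender"] for r in chats if r["text"] == MEDIA_PLACEHOLDER),
        "per_hour": Counter(stamps_item.hour for stamps_item in stamps),  # sequencing
        "span": (min(stamps), max(stamps)) if stamps else None,
    }
```

Records with `sender` set to `None` are kept by `parse_export` so that the completeness of the parse can be checked against the raw line count before any chart is produced.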
Copyrights © 2024