Forensic investigation for Instant Messenger: evidence extraction tools and techniques
Currently instant messaging is one of the most popular ways for people to interact with each other’s over the cyber space.
Due to its popularity, user-friendliness, rich functionality and the ability to conceal identity of the user, instant messenger is often found to be used as a communication tool to conduct sinister and illegal activity. Law enforcement agency may find traces of illegal activity by extracting information hidden beneath instant messenger. However collecting digital evidence from instant messenger can present some challenges. Existing forensic guides such as the forensic handbooks published by United State Department of Justice does not offer a comprehensive solution and procedure to counter the increasing problems arise from instant messaging investigation. Without the proper tools and technique, information stored in the instant messenger might not be thoroughly extracted, integrity of the digital evidence can be affected and in worse scenario, evidence might be lost. In order to efficiently collect digital evidence from instant messenger, my research has reviewed techniques and forensic tools designed by different developers that featured to extract information from instant messenger. After careful consideration based on several criteria, Evidence Center Pro developed by Belkasoft was selected to perform further simulation to extract information from Window Live Messenger 2011. My approach has been implemented and comprehensively tested. The result illustrated that the approach presented in my thesis are able to extract information from instant messenger in a more efficient manner in compare to the traditional approaches.