Uncovering WhatsApp Fraud Modus Operandi Through Digital Artifact Analysis and Cyber Kill Chain Mapping

Erika Ramadhani

Abstract


WhatsApp fraud has emerged as a significant cybercrime threat, exploiting the platform’s wide user base through social engineering and malware-based attacks. This study investigates a WhatsApp fraud case by analyzing digital artifacts to uncover the perpetrator’s modus operandi and provide structured guidance for law enforcement. Using the Digital Forensics for Incident Response (D4I) Framework in conjunction with Cyber Kill Chain (CKC) mapping, five key artifacts were identified and evaluated quantitatively based on their strength of evidence (v) and reliability (r). The results show that the malicious APK and source code containing a Telegram bot token constitute primary evidence with the highest probative value, while the Manifest.xml file and hidden background application serve as supporting evidence, and contextual indicators such as sender information provide limited legal weight. These findings highlight the importance of differentiating artifacts by evidentiary significance and demonstrate the value of the proposed scoring methodology. The study has limitations, as it is based on a simulated case and relies partly on expert judgment in scoring criteria. Future research should apply the approach to other platforms and fraud scenarios, and explore automation to enhance objectivity and scalability. Beyond its academic contributions, the study offers a structured rubric for prioritizing evidence and emphasizes the need for standardized evaluation frameworks in digital forensic policy and practice, ultimately strengthening the legal robustness and societal trust in digital investigations.

DOI: https://doi.org/10.29040/ijcis.v6i3.254


Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License