
CPP Final Project Paper

The document outlines the development of a cybersecurity tool for digital forensic investigations, integrating modern web technologies to efficiently gather, analyze, and preserve digital evidence. Key features include web browser security, email analysis, and network log monitoring, aimed at enhancing the accuracy and efficiency of investigations while ensuring legal compliance. The project emphasizes the importance of adapting to evolving cyber threats through the use of AI and machine learning for anomaly detection and predictive analytics.

Uploaded by

preetibhoge212

Cyber Tool for Digital Forensic Investigation

Author: Pratiksha Bombale
Department of Computer Technology
Sou. Venutai Chavan Polytechnic, Pune
Email: pratikshabombale2005@[Link]

Author: Preeti Bhoge
Department of Computer Technology
Sou. Venutai Chavan Polytechnic, Pune
Email: preetibhoge212@[Link]

Author: Shravani Adhav
Department of Computer Technology
Sou. Venutai Chavan Polytechnic, Pune
Email: shravaniadhav2@[Link]

Anuja. D. Mate
Lecturer
Department of Computer Technology
Sou. Venutai Chavan Polytechnic, Pune
Email: anujamate12@[Link]

ABSTRACT

The present project is dedicated to the creation of a Cyber security tool for digital Forensic Investigation using modern web technologies. The challenge lies in creating a comprehensive tool that efficiently gathers, analyzes, and preserves digital evidence from multiple sources while ensuring the integrity of the data for legal proceedings. To address this issue, this project is dedicated to developing a cybersecurity tool tailored for digital forensic investigations using modern web technologies. The tool will integrate several key features, including web browser security, file detection, and network log analysis. The web browser security feature will allow investigators to examine browsing history, cookies, cached files, and downloads, helping identify malicious activities or suspect online behavior. The email security module will focus on analyzing email headers, attachments, and metadata to detect phishing, malware, or unauthorized access. Network log monitoring will enable the tool to detect unauthorized connections and other anomalies that may signal a security breach. In conclusion, this cyber forensic tool will provide investigators with a powerful platform to detect, trace, and analyze cyber threats across various domains. By integrating features that cover browser security, email analysis, and network log monitoring, the tool will enhance the accuracy and efficiency of digital forensic investigations while ensuring that all evidence is preserved for legal use.

Keywords:
Cybersecurity, Digital Forensics, Cyber Threats, Browser Security, File Detection, Network Log Analysis, Email Security, Digital Evidence, Threat Analysis.

[Link]

Cyber tools for digital forensic investigation have developed in response to the growing complexity of cybercrime, starting with the rise of computers in the 1970s and 1980s. Initially, crimes like financial fraud and hacking were difficult to investigate due to the lack of standardized methods or tools to retrieve and analyze digital data[2]. As the internet expanded in the 1990s, the need for specialized tools became urgent, leading to the creation of early forensic software like EnCase and Forensic Toolkit (FTK). These tools enabled investigators to recover deleted files, examine file systems, and present digital evidence in court. The 2000s saw the increasing importance of mobile devices, cloud computing, and encrypted data in investigations. This prompted the development of more advanced cyber forensic tools capable of extracting data from a wider range of sources, including smartphones, social media platforms, and cloud storage. Alongside technological advances, the legal framework for handling and presenting digital evidence became more structured, ensuring that evidence could meet judicial standards. Today, with the integration of AI, machine learning[3], and big data analytics, cyber forensic tools are more powerful and efficient. They can handle new challenges such as Internet of Things (IoT) forensics and blockchain investigations[6], making them crucial in combating modern cybercrime.

[Link] ARCHITECTURE

Fig 1.1

Fig 1.1 is a flowchart representing a cybersecurity process related to an Android client[6]. It outlines multiple security checks, including:

1. WiFi Security Analysis:
The Android client uses APIs (getSSID() and getEncryptionType()) to analyze the WiFi security.
If the WiFi is secure, information is displayed; otherwise, the process ends.

2. File Upload & Spam Detection:
Files are uploaded to a backend server.
A machine learning model checks for spam.
If the file is spam, the user is notified, and the upload is blocked.
3. Website Security Detection:
The website's information is requested via an API.
The website’s safety is evaluated.
Information about website security is displayed.

Fig 1.1 visually represents a structured cybersecurity approach for handling WiFi security, file uploads, and website safety within an Android application.

[Link] METHODOLOGY

1. Gathering and Ingestion of Data[2]:
• Describe the sources of the data: Determine the precise categories of information that will be gathered, such as network logs, email messages, and browser history.

2. Data ingestion:
• Establish a pipeline for data ingestion: Establish a system for gathering and storing data from sources.
• Data normalization: Converting data into a standard format guarantees data compatibility and consistency.

3. Engineering features:
• Extract pertinent features: Determine important characteristics from the gathered data that can be analyzed, such as email metadata: sender, recipient, subject, body, attachments, external links, images, and web content.
from current data to boost analysis skills, such as:
• Time-based features (time of day, day
• Behavioral characteristics (user interactions, click patterns)
• Features dependent on domains (URL structure, TLD, WHOIS data)

[Link] Data:
• Deal with missing values: Use methods like imputation or deletion to deal with missing data.
• Deal with outliers: Find and deal with outliers that could distort the findings of an analysis.
• Normalize data: To enhance model performance, scale numerical features to a shared range.

5. Development of Machine Learning Models:
• Choose suitable algorithms: Select machine learning algorithms that are appropriate for the given tasks, like:
• Classification (e.g., Random Forest, SVM, Gradient Boosting)
• The software development model used is Agile.
• Anomaly detection (e.g., One-Class SVM, Isolation Forest)
• Clustering, such as hierarchical clustering and K-means
• Develop and assess models: Use labeled or unlabeled data to train models, then use the right metrics to assess how well they perform.
• Iterative model refinement: Make constant improvements to models in response to user feedback and performance indicators.

[Link]

4.1 Technology
Frontend: Android Mobile Application (Java): Java for Android was used in the development of this application to enable file uploading, spam detection, and
user interaction.

Backend: FastAPI (Python) is a high-performance, lightweight API framework that manages file uploads and spam identification.
PyMuPDF & NLTK: For processing natural language data and extracting text from PDFs.
Scikit-learn & Joblib: For machine learning models used in spam detection.
Pandas: For managing and modifying data.
Additional Libraries & Technologies[7]:
The Android SDK[5] is used to create and execute Android applications.

4.2 Roles of users
1. To identify spam, the user (Android App User) uploads files (text, PDF).
Gets information on whether or not the file is spam.
Examines the criteria and justifications for classification.
2. The user uploads a file, which is received by the server (Backend-FastAPI).
Processes the file to extract text.
Uses machine learning to analyze and classify the file as spam or not.
Returns the results to the user, including reasons for spam detection.

5. SCOPE FOR FUTURE WORK

Given the increasing complexity of cyberthreats, the cyber tool's potential for forensic digital investigation is enormous[3]. The use of AI and machine learning to automate investigative procedures, like anomaly identification and log analysis, is a crucial area of study that will improve the precision and speed of forensic operations. By using previous data to predict future threats, predictive analytics could also be used to improve proactive defences[4]. Cloud forensics will become increasingly important as cloud computing grows. It will be crucial to extend the tool's capabilities to look into and examine data from cloud environments, such as logs and snapshots of virtual machines. Furthermore, adding capabilities for blockchain forensics, Internet of Things (IoT) investigations, and mobile device forensics can expand the tool's [Link], these enhancements will provide deeper insights, faster response times, and better adaptability to the changing nature of cybercrime.

[Link]

To sum up, cyber technologies for digital forensic investigations[1] offer priceless benefits that improve the effectiveness, precision, and dependability of gathering and analyzing digital evidence. These solutions greatly speed up the investigation process while reducing errors by automating difficult processes, guaranteeing the integrity of the evidence, and facilitating multi-platform and extensive investigations[7]. They are crucial in locating important information, guaranteeing legal compliance, and assisting with incident response because of their proficiency in data recovery, pattern recognition, and metadata analysis.

[Link]

We appreciate Ms. A.D. Mate, our guide, for her invaluable advice and assistance with this endeavor. The availability of programs like Android Studio, Java, and Firebase, which simplified the application development process, is greatly appreciated. The project was a very unique experience, and we are
grateful for the direction and innovative applications that made it possible.

[Link]

[1] Vihara Fernando (viharaf@[Link]), Department of Computer Systems Engineering, Faculty of Graduate Studies and Research, Sri Lanka Institute of Information Technology, New Kandy Road, Malabe. “Cyber Forensics Tools: A Review on Mechanism and Emerging Challenges”

[2] Mary Geddes, De Montfort University, Leicester, UK; Dr Pooneh Bagheri Zadeh, De Montfort University, Leicester, UK. “Forensic Analysis of Private Browsing”

[3] Ifeoma U. Ohaeri, Computer Science Department, North-West University, Mafikeng, North West Province, South Africa; Bukohwo M. Esiefarienhe, Computer Science Department, North West University, Mafikeng, North-West Province, South Africa. “Digital Forensic Process Model for Information System and Network Security Management”

[4] Arjun Anand V, Buvanasri A K, Meenakshi R, Karthika S, Ashok Kumar Mohan. “PeopleXploit: A hybrid tool to collect public data”, 2020 4th International Conference on Computer, Communication and Signal Processing (ICCCSP), 2020.

[5] S. Al Sharif (1), M. Al Ali (1), N. Al Reqabi (1), F. Iqbal (1), T. Baker (2), A. Marrington (1); (1) College of Technological Innovation, Zayed University, UAE; (2) Department of Computer Science, Liverpool John Moores University, UK. “Magec: An Image Searching Tool for Detecting Forged Images in Forensic Investigation”

[6] Arpita Singh, Nilu Singh, Sanjay K. Singh, Sandeep K. Nayak. “Cyber-Crime and Digital Forensics: Challenges Resolution”, IEEE Xplore.

[7] Mohammad Rasmi Al-Mousa, Qutaiba Al-Zaqebah, Ala'a Saeb Al-Sherideh, Mohammed Al Ghanim, Ghassan Samara, Sattam Al-Matarneh, Mahmoud Asassfeh. “Examining Digital Forensic Evidence for Android Applications”, 2022 International Arab Conference on Information Technology (ACIT), IEEE Xplore, 2022.
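
The email feature engineering described in the methodology (email metadata, external links, time-based and domain-dependent features) and the abstract's requirement that evidence integrity be preserved can be sketched as below. This is an added example, not code from the paper or its authors; the message is constructed, and the function names and the fields of the feature record are assumptions made for illustration.

```python
import hashlib
import re
from email import message_from_string, policy
from email.utils import parseaddr, parsedate_to_datetime
from urllib.parse import urlparse

# Constructed sample message (not real evidence); every name and domain is made up.
SAMPLE_EML = """\
From: "Accounts Team" <billing@example-bank.test>
Reply-To: collector@mailbox.example
To: user@example.org
Subject: Action required: verify your account
Date: Tue, 04 Mar 2025 02:17:45 +0000

Your account is on hold. Confirm at http://login.example-bank.test.verify.example/reset
or read the notice at https://example-bank.test/help within 24 hours.
"""
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def domain_of(header_value) -> str:
    """Lower-cased domain of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(str(header_value or ""))[1].lower().rpartition("@")[2]

def extract_features(raw: str) -> dict:
    """Turn one raw RFC 5322 message into a flat feature record (hypothetical schema)."""
    msg = message_from_string(raw, policy=policy.default)
    sender_domain = domain_of(msg["From"])
    reply_domain = domain_of(msg["Reply-To"])
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    hosts = [urlparse(u).hostname or "" for u in URL_RE.findall(body)]
    sent = parsedate_to_datetime(str(msg["Date"])) if msg["Date"] else None
    return {
        # Digest of the untouched input, to match the analysed copy to the original.
        "sha256": hashlib.sha256(raw.encode("utf-8")).hexdigest(),
        "sender_domain": sender_domain,
        "reply_to_mismatch": bool(reply_domain) and reply_domain != sender_domain,
        "hour": sent.hour if sent else None,          # time-based features
        "weekday": sent.weekday() if sent else None,  # 0 = Monday
        "link_count": len(hosts),
        "link_tlds": sorted({h.rpartition(".")[2] for h in hosts if h}),
        # Links whose host is neither the sender domain nor one of its subdomains.
        "offdomain_links": sum(
            h != sender_domain and not h.endswith("." + sender_domain) for h in hosts),
        "attachments": [p.get_filename() for p in msg.iter_attachments()],
    }

if __name__ == "__main__":
    print(extract_features(SAMPLE_EML))
```

A record like this is the kind of input the preprocessing and model steps in the methodology would consume; the first link in the sample shows why suffix matching matters, since its host only contains the sender's domain as a prefix label.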
