Persistensi Artefak Telegram Web pada Memori Setelah Perubahan Sistem dengan Metode NIST SP 800-86

Sigit Puspito Wigati Jarot; Lukman Rosyidi; Haura Tsabitah

doi:10.47065/bulletincsr.v6i3.1086

Authors

Sigit Puspito Wigati Jarot Sekolah Tinggi Teknologi Terpadu Nurul Fikri, Depok, Indonesia
Lukman Rosyidi Sekolah Tinggi Teknologi Terpadu Nurul Fikri, Depok, Indonesia
Haura Tsabitah Sekolah Tinggi Teknologi Terpadu Nurul Fikri, Indonesia

DOI:

https://doi.org/10.47065/bulletincsr.v6i3.1086

Keywords:

Cyberbullying; Digital Forensics; Memory Acquisition; NIST SP 800-86; Telegram Web

Abstract

The increasing incidence of cyberbullying on online communication platforms presents significant challenges for digital forensic investigations, particularly when perpetrators delete all message histories. Telegram Web, a browser-based messaging platform, produces volatile digital artifacts because its activity data is stored in system memory (RAM). This study aims to analyze the persistence of Telegram Web digital artifacts in volatile memory under six device condition variations using the NIST SP 800-86 framework, addressing a research gap in the quantitative evaluation of acquisition conditions for browser-based platforms. A cyberbullying simulation was conducted via Telegram private chat, generating 10 digital artifacts text messages, images, a document, and an audio file all subsequently deleted by the perpetrator. Memory acquisition was performed using Exterro FTK Imager under six conditions: immediately post-incident, sleep mode, hibernate mode, browser closed, browser closed with subsequent application use, and shutdown. Artifact identification employed keyword-based analysis on memory images. Results show that the first three conditions yielded 100% artifact recovery, as RAM preserved Chrome process data through DRAM self-refresh (ACPI S3) and byte-for-byte copying to hiberfil.sys (ACPI S4). Closing the browser reduced recovery to 40%, subsequent application use further reduced it to 10% due to zero-fill operations on reallocated memory pages, and shutdown produced 0% as all DRAM capacitor charges were lost. These findings demonstrate that artifact recovery rates are predictable from computer memory architecture, providing empirical guidance for digital forensic practitioners in web-based cybercrime cases.

Downloads

Download data is not yet available.

References

A. A. D. Pitaloka, C. Syahputri, D. Ramadhani, N. P. Anggreani, S. N. Khaira, and G. Supraja, “The Role of Social Media in the Dissemination of Public Information,” Int. J. Econ. Res. Financ. Account, vol. 3, no. 2, pp. 490–495, Jan. 2025.

Interpol, “Asia and South Pacific Cyberthreat Assessment Report,” Rep., International Criminal Police Organization, Lyon, France, Aug. 2024.

V. Ibrahim, Y. S. Hasan, and P. Ishak, “Personal Data Protection Policies and Their Impact on Victims of Cybercrime,” Jurnal Ilmu Hukum Kyadiren, vol. 6, no. 2, pp. 13–25, Jan. 2025, doi: 10.46924/jihk.v6i2.225.

S. Kemp, “Digital 2024: Global Overview Report,” DataReportal. Accessed: Apr. 2026. [Online]. Available: https://datareportal.com/reports/digital-2024-global-overview-report

A. R. Onik, J. Brown, C. Walker, and I. Baggili, “A Systematic Literature Review of Secure Instant Messaging Applications from a Digital Forensics Perspective,” ACM Comput. Surv., vol. 57, no. 9, pp. 1–36, Sep. 2025, doi: 10.1145/3727641.

M. Prasetio and I. Riadi, “Investigation Telegram Based-on Web using National Institute of Standards and Technology Method,” Int. J. Comput. Appl., vol. 183, no. 50, pp. 8–15, Feb. 2022, doi: 10.5120/ijca2022921092.

F. Paligu and C. Varol, “Browser Forensic Investigations of WhatsApp Web Utilizing IndexedDB Persistent Storage,” Future Internet, vol. 12, no. 11, p. 184, Oct. 2020, doi: 10.3390/fi12110184.

B. Jeong, S. Lee, and J. Park, “MIC: Memory Analysis of IndexedDB Data on Chromium-Based Applications,” Forensic Science International: Digital Investigation, vol. 50, p. 301809, Oct. 2024, doi: 10.1016/j.fsidi.2024.301809.

H. Nyholm et al., “The Evolution of Volatile Memory Forensics,” Journal of Cybersecurity and Privacy, vol. 2, no. 3, pp. 556–572, Jul. 2022, doi: 10.3390/jcp2030028.

I. Hamid and M. M. H. Rahman, “A Comprehensive Literature Review on Volatile Memory Forensics,” Electronics, vol. 13, no. 15, p. 3026, Jul. 2024, doi: 10.3390/electronics13153026.

J. Kävrestad, M. Birath, and N. Clarke, Fundamentals of Digital Forensics: A Guide to Theory, Research and Applications, 3rd ed. Cham, Switzerland: Springer International Publishing, 2024, doi: 10.1007/978-3-031-53649-6. [Online]. Available: https://link.springer.com/book/10.1007/978-3-031-53649-6

J. Wiarti, “Legality of Electronic Evidence in Cyber Crime Cases,” Ahmad Dahlan Indonesian Law Journal, vol. 1, no. 1, pp. 11–19, Jun. 2023, doi: 10.12928/adil.v1i1.572.

Indonesia, “Undang-Undang Informasi dan Transaksi Elektronik, UU No. 11 Tahun 2008,” 2008. Accessed: Apr. 2026. [Online]. Available: https://peraturan.bpk.go.id/details/37589/uu-no-11-tahun-2008

Mahkamah Agung, “Peraturan Mahkamah Agung (Perma) Nomor 1 Tahun 2019,” 2019, Accessed: Apr. 2026. [Online]. Available: https://peraturan.bpk.go.id/details/206067/perma-no-1-tahun-2019

R. Stoykova, “Digital Evidence: Unaddressed Threats to Fairness and the Presumption of Innocence,” Computer Law & Security Review, vol. 42, p. 105575, Sep. 2021, doi: 10.1016/j.clsr.2021.105575.

P. Reedy, “Interpol Review of Digital Evidence for 2019–2022,” Forensic Sci. Int. Synergy, vol. 6, p. 100313, 2023, doi: 10.1016/j.fsisyn.2022.100313.

C. Easttom, Digital Forensics, Investigation, and Response, 4th ed. Burlington, MA: Jones & Bartlett Learning, 2022. [Online]. Available: https://www.jblearning.com/catalog/productdetails/9781284226065

A. Raza and M. B. Hassan, “Digital Forensic Analysis of Telegram Messenger App in Android Virtual Environment,” Mobile and Forensics, vol. 4, no. 1, pp. 31–43, Mar. 2022, doi: 10.12928/mf.v4i1.5537.

E. Purwanto and I. Riadi, “Digital Forensic Mobile Telegram Services in Online Gambling Case using National Institute of Standards and Technology Method,” Int. J. Comput. Appl., vol. 186, no. 35, pp. 44–54, Aug. 2024, doi: 10.5120/ijca2024923926.

L. Jaeckel, M. Spranger, and D. Labudde, “Forensic Analysis of Telegram Messenger on iOS Smartphones,” Forensic Science International: Digital Investigation, vol. 52, p. 301866, Mar. 2025, doi: 10.1016/j.fsidi.2025.301866.

P. Fernández-Álvarez and R. J. Rodríguez, “Extraction and Analysis of Retrievable Memory Artifacts from Windows Telegram Desktop Application,” Forensic Science International: Digital Investigation, vol. 40, p. 301342, Apr. 2022, doi: 10.1016/j.fsidi.2022.301342.

I. G. N. G. Wicaksana and I. K. G. Suhartana, “Forensic Analysis of Telegram Desktop-based Applications using the National Institute of Justice (NIJ) Method,” JELIKU (Jurnal Elektronik Ilmu Komputer Udayana), vol. 8, no. 4, p. 381, Feb. 2020, doi: 10.24843/JLK.2020.v08.i04.p03.

N. C. Dewi, T. Sutabri, and F. Putrawansyah, “Analisis Penyadapan pada Telegram dengan Network Forensik,” JIKO (Jurnal Informatika dan Komputer), vol. 7, no. 2, p. 183, Sep. 2023, doi: 10.26798/jiko.v7i2.789.

A. Raza, M. Hussain, H. Tahir, M. Zeeshan, M. A. Raja, and K.-H. Jung, “Forensic Analysis of Web Browsers Lifecycle: A Case Study,” Journal of Information Security and Applications, vol. 85, p. 103839, Sep. 2024, doi: 10.1016/j.jisa.2024.103839.

L. C. Pakaya and I. Riadi, “Forensic Analysis of Web-based Instant Messenger Applications using National Institute of Justice Method,” IJCA (International Journal of Computer Applications), vol. 185, no. 35, pp. 44–51, Sep. 2023, doi: 10.5120/ijca2023923145.

K. A. Arifin and I. Riadi, “Forensic Analysis of Online Fraud on Telegram Web using Digital Forensics Workshop Method,” IJCA (International Journal of Computer Applications), vol. 187, no. 30, pp. 4–11, Aug. 2025, doi: 10.5120/ijca2025925515.

B. W. D. Samara, A. Subki, M. Zulpahmi, and L. D. Samsumar, “Analisis Forensik Aplikasi Telegram Menggunakan Metode Digital Forensics Research Workshop,” Journal Of Computer Science And Technology (JOCSTEC), vol. 3, no. 2, pp. 112–126, May 2025, doi: 10.59435/jocstec.v3i2.435.

A. Yudhana, I. Riadi, and R. Y. Prasongko, “Forensik WhatsApp Menggunakan Metode Digital Forensic Research Workshop (DFRWS),” Jurnal Informatika: Jurnal Pengembangan IT, vol. 7, no. 1, pp. 43–48, Jan. 2022, doi: 10.30591/jpit.v7i1.3639.

D. S. I. Utomo, Y. Prayudi, and E. Ramadhani, “Forensic Web Analysis on The Latest Version of WhatsApp Browser,” Journal of Computer Networks, Architecture and High Performance Computing, vol. 5, no. 1, pp. 359–367, May 2023, doi: 10.47709/cnahpc.v5i1.2286.

A. Faizal and A. Luthfi, “Comparison Study of NIST SP 800-86 and ISO/IEC 27037 Standards as A Framework for Digital Forensic Evidence Analysis,” Journal of Information Systems and Informatics, vol. 6, no. 2, pp. 701–718, Jun. 2024, doi: 10.51519/journalisi.v6i2.717.

L. Rzepka, J. Ottmann, R. Stoykova, F. Freiling, and H. Baier, “A Scenario-Based Quality Assessment of Memory Acquisition Tools and its Investigative Implications,” Forensic Science International: Digital Investigation, vol. 52, p. 301868, Mar. 2025, doi: 10.1016/j.fsidi.2025.301868.

R. A. Ramadhan, P. R. Setiawan, and D. Hariyadi, “Digital Forensic Investigation for Non-Volatile Memory Architecture by Hybrid Evaluation Based on ISO/IEC 27037:2012 and NIST SP800-86 Framework,” IT Journal Research and Development, pp. 162–168, Feb. 2022, doi: 10.25299/itjrd.2022.8968.

J. R. Lyle, B. Guttman, J. M. Butler, K. Sauerwein, C. Reed, and C. E. Lloyd, “Digital Investigation Techniques: A NIST Scientific Foundation Review,” Nat. Inst. Stand. Technol., Gaithersburg, MD, USA, Rep. NIST IR 8354, Nov. 2022. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8354.pdf

B. Pandey, A. Kumar, D. B. Acharya, P. Pandey, and W. A. W. A. Bakar, “Memory Forensic: Detecting Unusual Intrusion Activity in Dump of RAM Memory Using FTK Imager,” International Journal of Information Technology, vol. 17, no. 7, pp. 4209–4216, Sep. 2025, doi: 10.1007/s41870-025-02567-0.

R. Rahmansyah, “Perbandingan Hasil Investigasi Barang Bukti Digital pada Aplikasi Facebook dan Instagram dengan Metode NIST,” Cyber Security dan Forensik Digital, vol. 4, no. 1, pp. 49–57, Jun. 2021, doi: 10.14421/csecurity.2021.4.1.2421.

W. Agustiono, D. W. Suci, and N. Prastiti, “Analisis Forensik Digital Menggunakan Metode NIST untuk Memulihkan Barang Bukti yang Dihapus,” Jurnal Teknologi dan Informasi, vol. 14, no. 2, pp. 174–185, Sep. 2024, doi: 10.34010/jati.v14i2.12952.

Bila bermanfaat silahkan share artikel ini

Berikan Komentar Anda terhadap artikel Persistensi Artefak Telegram Web pada Memori Setelah Perubahan Sistem dengan Metode NIST SP 800-86

Persistensi Artefak Telegram Web pada Memori Setelah Perubahan Sistem dengan Metode NIST SP 800-86

Authors

DOI:

Keywords:

Abstract

Downloads

References

ARTICLE HISTORY

How to Cite

Issue

Section

Most read articles by the same author(s)