In this digital forensic investigation, we analyze an Android device suspected of being linked to a fraudulent credit card transaction. The suspect, a graphic designer, claims innocence, stating that they were at the airport when the unauthorized purchase was made. Our objective as investigators is to examine the forensic image of the device, recover the available evidence, and determine whether the suspect's statement holds up. This requires extracting key artifacts, such as messages, web history, downloaded files, and application data, and placing them on a common timeline so that the sequence of events leading up to the alleged crime can be reconstructed and compared against the window the alibi covers.

A critical aspect of this investigation is establishing whether the suspect's own personal information, including financial details, was compromised. Cybercriminals routinely use malware, phishing, and credential theft to gain unauthorized access to victims' accounts. By analyzing communication logs, installed applications, and browser data, we can identify suspicious interactions that may have led to credential exposure. Forensic examination of emails and messaging platforms such as Discord can likewise show whether the suspect was targeted by an attack.
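The artifacts named above (messages, web history, downloads) live in separate SQLite databases on the device and use different clocks: Android's telephony provider stores SMS timestamps as milliseconds since the Unix epoch, while Chrome's History database stores visit and download times as microseconds since 1601-01-01 UTC. Mixing them without normalisation is the classic way to get an alibi comparison wrong. The following is an added example, not part of the original write-up or any forensic toolkit: it builds constructed in-memory copies of those tables (the rows, phone number, URLs and file name are all made up), converts every timestamp to an aware UTC datetime, merges them into one timeline, and lists the events that fall inside an assumed alibi window. The table and column names follow the stock `mmssms.db` `sms` table and Chrome's `urls` and `downloads` tables; the schemas are trimmed to the columns used here.

```python
"""Normalise Android artefact timestamps onto one UTC timeline and test an alibi window.

Added, constructed example: the SQLite rows below are invented and stand in for
the tables an examiner would carve from a forensic image. Assumed sources:
  - mmssms.db, table `sms`, column `date` = milliseconds since the Unix epoch
  - Chrome History, tables `urls` (`last_visit_time`) and `downloads`
    (`start_time`) = microseconds since 1601-01-01 UTC (WebKit time)
"""
import sqlite3
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def utc(*args) -> datetime:
    """Shorthand for an aware UTC datetime (helper defined for this example)."""
    return datetime(*args, tzinfo=timezone.utc)


def webkit_to_datetime(us: int) -> datetime:
    """Chrome/WebKit time: microseconds since 1601-01-01 UTC."""
    return WEBKIT_EPOCH + timedelta(microseconds=us)


def datetime_to_webkit(dt: datetime) -> int:
    # Integer floor-division of timedeltas is exact; float division would lose
    # precision at the ~1.3e16 magnitudes WebKit time reaches for current dates.
    return (dt - WEBKIT_EPOCH) // timedelta(microseconds=1)


def unix_ms_to_datetime(ms: int) -> datetime:
    """Android telephony provider: milliseconds since the Unix epoch."""
    return UNIX_EPOCH + timedelta(milliseconds=ms)


def datetime_to_unix_ms(dt: datetime) -> int:
    return (dt - UNIX_EPOCH) // timedelta(milliseconds=1)


def load_sms(conn: sqlite3.Connection):
    # type 1 = inbox (received), 2 = sent, in the telephony provider's encoding
    for address, date_ms, msg_type, body in conn.execute(
        "SELECT address, date, type, body FROM sms"
    ):
        direction = "received from" if msg_type == 1 else "sent to"
        yield (unix_ms_to_datetime(date_ms), "sms", f"{direction} {address}: {body}")


def load_chrome(conn: sqlite3.Connection):
    for url, title, t in conn.execute("SELECT url, title, last_visit_time FROM urls"):
        yield (webkit_to_datetime(t), "web", f"visit {url} ({title})")
    for path, t in conn.execute("SELECT target_path, start_time FROM downloads"):
        yield (webkit_to_datetime(t), "download", f"download started: {path}")


def build_timeline(sms_conn, history_conn):
    """Merge all sources into one list of (utc_datetime, source, description)."""
    events = list(load_sms(sms_conn)) + list(load_chrome(history_conn))
    return sorted(events, key=lambda e: e[0])


def events_in_window(timeline, start: datetime, end: datetime):
    """Device activity recorded inside [start, end]; compare with the alibi."""
    return [e for e in timeline if start <= e[0] <= end]


def build_sample_databases():
    """Constructed sample data only; none of it comes from a real device."""
    sms = sqlite3.connect(":memory:")
    sms.execute("CREATE TABLE sms (address TEXT, date INTEGER, type INTEGER, body TEXT)")
    sms.execute(
        "INSERT INTO sms VALUES (?, ?, ?, ?)",
        ("+15550100", datetime_to_unix_ms(utc(2024, 3, 10, 15, 12)), 1,
         "Your verification code is 482113"),
    )
    hist = sqlite3.connect(":memory:")
    hist.execute("CREATE TABLE urls (url TEXT, title TEXT, last_visit_time INTEGER)")
    hist.execute("CREATE TABLE downloads (target_path TEXT, start_time INTEGER)")
    hist.execute(
        "INSERT INTO urls VALUES (?, ?, ?)",
        ("https://shop.example/checkout", "Checkout",
         datetime_to_webkit(utc(2024, 3, 10, 15, 28, 30))),
    )
    hist.execute(
        "INSERT INTO downloads VALUES (?, ?)",
        ("/sdcard/Download/invoice.apk", datetime_to_webkit(utc(2024, 3, 9, 21, 40))),
    )
    return sms, hist


def sample_alibi_check():
    """Assumed alibi: at the airport 14:00-17:00 UTC on 2024-03-10 (constructed)."""
    sms, hist = build_sample_databases()
    timeline = build_timeline(sms, hist)
    return timeline, events_in_window(timeline, utc(2024, 3, 10, 14), utc(2024, 3, 10, 17))


if __name__ == "__main__":
    timeline, in_window = sample_alibi_check()
    for when, source, what in timeline:
        flag = "*" if (when, source, what) in in_window else " "
        print(f"{flag} {when.isoformat()} [{source}] {what}")
```

Two practitioner notes. First, both sources are UTC-based, so the normalised timeline is in UTC; convert to the device's configured zone only at reporting time, and record that zone in the report. Second, device activity inside the alibi window is not by itself contradiction: it shows the handset (or something controlling it) was active, not where the suspect was, which is exactly why the malware question in the next paragraph matters.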
Beyond direct digital evidence, it is essential to explore the possibility of a malware infection on the device. If malicious software was installed, it could have exfiltrated sensitive information, allowing a remote attacker to conduct the fraudulent transaction. By reverse engineering suspicious applications, investigating their network communication, and identifying any associated command and control servers, we can determine whether the device was compromised. Understanding the attack chain, how the malware was delivered, installed, and executed, wi