The Comparison Performance of Digital Forensic Tools Using Additional Root Access Options

Abstract

Received December 06, 2021 Revised December 27, 2021 Accepted January 19, 2022 This research used MiChat and SayHi as materials for forensic investigations using three different tools, namely MOBILedit, Magnet Axiom, and Belkasoft. These three tools will show each performance in the forensic process. We also added a rooting process as an option if data cannot be extracted optimally even when using these three applications. The result of this study shows that the cases studied with processes without root access and with root access have the aim of complementing each other in obtaining evidence. So that these two processes complement each other's shortcomings. The main contribution of this research is a recommendation of a tool based on the best performance shown during the forensic process with rooting access and without rooting access. Based on the comparison, Magnet Axiom is superior with a total of 34 items of data found without root access, while MOBILedit is 30 items and 30 items for Belkasoft. While comparison using root access, Magnet Axiom and MOBILedit are superiors with a total of 36 items found in Magnet Axiom without root access, while MOBILedit is 36 items and 33 items for Belkasoft. Based on the test results, it can be concluded that the recommended tool according to the used scenario is Magnet Axiom.