
BLACK FINAL

Cyber Shield is an Android application designed to enhance mobile cybersecurity by providing real-time detection of cyber threats such as spam files, phishing websites, and insecure WiFi networks. The tool integrates website security analysis, WiFi network monitoring, and file detection to offer a comprehensive solution for users who may lack technical knowledge in evaluating digital threats. The project employs modern development practices and aims to address the growing complexity of cybercrime through automated, user-friendly security measures.

Cyber Tool for Digital Forensic Investigation

1. Introduction and Background


1.1 Introduction

In today’s hyper-connected digital era, the risk of cyber threats such as spam files, phishing
websites, and insecure WiFi networks has significantly increased. With smartphones becoming
central to both personal and professional activities, the need for mobile cybersecurity solutions is
more crucial than ever. Cyber Shield is a smart Android application designed to tackle these
challenges by offering users real-time detection of potential cyber threats. The app empowers
individuals to proactively assess the safety of files, websites, and wireless networks directly from
their mobile devices. By integrating multiple layers of security checks into a user-friendly
interface, Cyber Shield provides a comprehensive approach to everyday digital protection.
This project leverages modern Android development practices and backend integration to deliver
efficient and reliable threat analysis. Whether it’s identifying spam files, checking the security
posture of a website, or analyzing WiFi safety, Cyber Shield acts as a digital shield—enhancing
user awareness and promoting secure online behavior. Cyber tools for digital forensic
investigation have developed in response to the growing complexity of cybercrime, starting with
the rise of computers in the 1970s and 1980s. Initially, crimes like financial fraud and hacking
were difficult to investigate due to the lack of standardized methods or tools to retrieve and analyze
digital data.
As the internet expanded in the 1990s, the need for specialized tools became urgent, leading to
the creation of early forensic software like EnCase and Forensic Toolkit (FTK). These tools
enabled investigators to recover deleted files, examine file systems, and present digital evidence
in court. The 2000s saw the increasing importance of mobile devices, cloud computing, and
encrypted data in investigations.
This prompted the development of more advanced cyber forensic tools capable of extracting data
from a wider range of sources, including smartphones, social media platforms, and cloud storage.
Alongside technological advances, the legal framework for handling and presenting digital
evidence became more structured, ensuring that evidence could meet judicial standards. Today,
with the integration of AI, machine learning, and big data analytics, cyber forensic tools are more
powerful and efficient. They can handle new challenges such as Internet of Things (IoT) forensics
and blockchain investigations, making them crucial in combating modern cybercrime.

Department of Computer Technology (2024-25) 1



1.2 Background

As digital dependence grows, so does the surface area for cyberattacks. Every day, users
unknowingly download malicious files, visit phishing websites, or connect to unprotected WiFi
networks, exposing themselves to data breaches, identity theft, and financial loss. Traditional
cybersecurity tools, while powerful, are often complex and designed for desktop environments,
leaving mobile users vulnerable. With the widespread use of Android smartphones, there is a
pressing need for security solutions that are both accessible and effective on mobile platforms.
Many users lack the technical knowledge to evaluate digital threats manually, creating a demand
for automated, intelligent tools that can analyze risks in real-time without overwhelming the user.
CyberShield was conceptualized to fill this gap. It aims to simplify mobile cybersecurity by
providing quick and accurate assessments of files, websites, and wireless networks. By offering
these features in a single Android application, the project addresses the increasing need for on-the-
go digital protection in a convenient and intuitive format. As cyber threats continue to evolve in
complexity and frequency, the demand for advanced digital forensic tools has never been more
critical. Modern investigative efforts must encompass multiple vectors of attack, including web-
based vulnerabilities, wireless network exploits, and malicious file distribution. Traditional tools
often fall short in addressing these diverse areas in a unified manner. To bridge this gap, the
proposed cyber tool integrates three core capabilities essential to comprehensive digital forensic
investigation:
Website Security Analysis: Scans websites for vulnerabilities such as SQL injection, cross-site
scripting (XSS), and outdated software components, aiding in the identification of attack surfaces
exploited by threat actors.
WiFi Network Analysis: Monitors wireless network traffic to detect unauthorized access, packet
sniffing, and potential man-in-the-middle attacks, ensuring the integrity of digital evidence and
network security.
File Detection and Analysis: Detects and analyzes suspicious or malicious files, including
executables and document-based threats, using signature-based and heuristic techniques to
uncover hidden malware or data exfiltration attempts.


2. Literature survey and Problem Definition

2.1 Literature survey

[1] Vihara Fernando, Department of Computer Systems Engineering, Faculty of Graduate Studies
and Research, Sri Lanka Institute of Information Technology, New Kandy Road, Malabe.
“Cyber Forensics Tools: A Review on Mechanism and Emerging Challenges”
With the development of technology, “data”, also interpreted as “information”, has come to play a
major role in the field of cyber forensics. Data is most crucial when it is taken as evidence in
cyber-crimes. These crimes can occur in digital media and networks, in many instances related to
crime scenes. Crime and
forensic both investigators need the help of digital forensics

[2] Mary Geddes, De Montfort University, Leicester, UK; Dr Pooneh Bagheri Zadeh, De Montfort
University, Leicester, UK. “Forensic Analysis of Private Browsing”
Private browsing is popular for many users who wish to keep their internet usage hidden from
other users on the same computer. This research examines what artefacts are left on the users’
computer using digital forensic tools. The results from this research help inform recommendations
for forensic analysts on ways to analyse private browsing artefacts.

[3] Ifeoma U. Ohaeri, Computer Science Department, North-West University, Mafikeng,
North-West Province, South Africa; Bukohwo M. Esiefarienhe, Computer Science Department,
North-West University, Mafikeng, North-West Province, South Africa.
“Digital Forensic Process Model for Information System and Network Security Management”
The huge dependence on systems and networks for effective operation at all levels has heightened
the rate of systems and networks attacks. Attackers launch attacks without the fright of their
actions being traceable. This has made safety and security a global concern. There is a need to
revolutionize security measures consistently in order to effectively combat cyber-attacks and
crimes by designing a Digital Forensic process model with the various relevant phases that can be
used to extract digital evidences by investigating digital information, produced, stored, or
transmitted by computers or electronic devices for legal proceedings. This measure will greatly
improve cyber security and combat cybercrimes.


[4] Arjun Anand V, Buvanasri A K, Meenakshi R, Karthika S, Ashok Kumar Mohan. 2020 4th
International Conference on Computer, Communication and Signal Processing (ICCCSP).
“PeopleXploit: A hybrid tool to collect public data”. Year: 2020
This paper introduces the concept of Open Source Intelligence (OSINT) as an important
application in intelligent profiling of individuals. With a variety of tools available, significant data
shall be obtained on an individual as a consequence of analyzing his/her internet presence but all
of this comes at the cost of low relevance. To increase the relevance score in profiling,
PeopleXploit is being introduced. PeopleXploit is a hybrid tool which helps in collecting the
publicly available information that is reliable and relevant to the given input.

[5] S. Al Sharif, M. Al Ali, N. Al Reqabi, F. Iqbal, A. Marrington (College of Technological
Innovation, Zayed University, UAE) and T. Baker (Department of Computer Science,
Liverpool John Moores University, UK). “Magec: An Image Searching Tool for Detecting
Forged Images in Forensic Investigation”
Manipulation of digital images for the purpose of forgery is a rapidly growing phenomenon that
poses a challenge for cyber-crime investigators. Distinguishing original images from duplicates
and the number of original copies within the same media are some examples of challenges
presented by duplicate digital images. In this paper, we present a new image searching tool called,
Magec, to detect duplicate image(s) on digital media, using the original image modification
attributes as a signature. First, we describe the tool and the methods used to detect duplicate
images, then we evaluate the tool’s performance based on the number of folders it searches and
the number of files it searches for.


2.2 Problem Definition


In the modern digital landscape, users are constantly exposed to a wide range of cyber threats—
whether through downloading files, browsing unverified websites, or connecting to unsecured
public WiFi networks. While desktop cybersecurity solutions exist, mobile users often lack the
tools and awareness to detect and respond to these threats effectively.
Several challenges contribute to this problem:
• Lack of awareness: Many users are unaware of the security risks associated with spam files,
unsafe websites, and open WiFi networks.
• Limited mobile tools: Existing security apps are often fragmented, focusing on a single type
of threat or requiring advanced technical knowledge.
• Complexity of manual analysis: Verifying a file’s safety, a website’s security posture, or a
network’s encryption settings manually is not practical for the average user.
• Increased mobility: With users frequently accessing sensitive data on the move, especially over
public WiFi, the risk of cyberattacks is higher.
These issues underline the need for a unified, mobile-friendly solution that can automatically
detect and report potential threats across files, websites, and networks. CyberShield addresses this
problem by providing an all-in-one Android application that offers real-time detection and security
analysis with minimal user effort.


3. Scope of the Project and Methodology

3.1 Project Methodology

The development of CyberShield follows a modular and systematic approach, combining mobile
application development with backend server integration to deliver real-time threat detection
capabilities. The methodology can be broadly categorized into three key phases: requirement
analysis, design and development, and testing and deployment.

1. Requirement Analysis
This initial phase involved identifying the core functionalities needed to address the cybersecurity
challenges faced by mobile users. Based on user behavior and common threat vectors, the
application was designed to focus on three primary domains:

• File spam and malware detection
• Website security analysis
• WiFi network vulnerability assessment

Relevant technologies and tools were also selected at this stage, including Android Studio (Java)
for the frontend and Flask (Python) for backend services.

2. System Design and Development


The system architecture was divided into two components:

• Frontend (Mobile Application): Developed using Java in Android Studio, this component
handles user interactions and displays the analysis results in a user-friendly format. Key
functionalities include file upload, URL input, and WiFi network scanning.

• Backend (Server Processing): Implemented using Flask, the backend receives data from the
mobile application, performs necessary analyses, and returns threat evaluation results. It
supports:
    • Text file spam detection using predefined heuristics or models
    • Website analysis through HTTP header checks, SSL certificate validation, and simulated
    blacklist detection
    • WiFi assessment using network parameters like encryption type and IP configuration

• Communication between the mobile app and backend is handled via RESTful APIs using
OkHttp for reliable and secure data transfer.


3. Testing and Validation


Each module was individually tested to ensure functionality and reliability. Unit testing was
performed on the backend API endpoints, while integration testing verified seamless interaction
between the frontend and backend. The system was evaluated using multiple test cases
representing real-world scenarios, such as:
• Uploading spam and non-spam text files
• Analyzing secure and insecure websites
• Connecting to open and encrypted WiFi networks

4. Deployment and User Feedback


The final application was deployed on an Android device for real-time usage. Feedback from initial
users was used to improve the interface and optimize threat detection algorithms. Future
enhancements were also outlined based on identified limitations and potential areas of growth.


3.2 Project Workflow


The development of CyberShield follows a structured workflow to ensure systematic
implementation and seamless integration of its core functionalities. The workflow is divided into
multiple stages, each addressing a specific aspect of the system, from user input to threat analysis
and result display. Below is a detailed breakdown of the workflow:

1. User Interaction and Input


The application provides three primary features for user interaction:

• File Upload: Users select a .txt file for spam detection.


• Website URL Input: Users enter a website address for security analysis.
• WiFi Network Analysis: The app automatically retrieves information about the connected WiFi
network.

2. Data Collection and Preprocessing

• For file analysis, the selected file is read and sent to the backend server.
• For website analysis, HTTP requests are made to fetch headers, SSL certificate details, and
simulate blacklist and subdomain checks.
• For WiFi analysis, the app collects network parameters such as SSID, signal strength,
encryption type, IP address, DNS server, and gateway.

3. Backend Processing (Server-Side)

• A Flask server receives file or website data through RESTful API calls.
• File content is analyzed using predefined rules or machine learning heuristics to determine if
the file is spam or safe.
• Website data is processed to evaluate:
    • SSL/TLS certification
    • Security headers (e.g., HSTS)
    • Presence on blacklists (simulated)
    • Open ports and subdomain vulnerabilities
• WiFi security is assessed locally on the device based on encryption protocols and
network type (e.g., Open, WPA2).


4. Result Generation and Display

After analysis, the backend returns a JSON response with the threat status.
The mobile application processes and displays the result in a clear and informative manner,
indicating whether the input is safe, potentially risky, or unsafe.

5. User Notification and Recommendations

Based on the results, users are alerted with appropriate warnings or confirmations.

The app may suggest actions such as disconnecting from insecure WiFi or avoiding access to
suspicious websites.

Fig 3.1. Project Workflow
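
The website branch of this workflow (steps 3 and 4), as an added example that is not the project's own code: it scores the scheme, certificate expiry, security headers and a simulated blacklist flag, and returns the JSON-ready verdict with the three statuses named above. The function names, thresholds, the headers other than HSTS, and the `.example` hosts are assumptions; the certificate dict follows the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import json
import ssl
from urllib.parse import urlsplit

LEVELS = ["safe", "potentially risky", "unsafe"]  # statuses named in step 4

# HSTS is the header the report names; the other three are assumptions of this example.
EXPECTED_HEADERS = {
    "strict-transport-security": "no HSTS header",
    "content-security-policy": "no Content-Security-Policy header",
    "x-content-type-options": "no X-Content-Type-Options header",
    "x-frame-options": "no X-Frame-Options header",
}
MIN_HSTS_MAX_AGE = 180 * 86400  # assumed threshold: 180 days
CERT_WARN_DAYS = 14             # assumed threshold


def hsts_max_age(value):
    """Return max-age (seconds) from an HSTS header value, or None if absent or invalid."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            arg = arg.strip().strip('"')
            return int(arg) if arg.isdigit() else None
    return None


def analyze_website(url, headers, cert, now, blacklisted=False):
    """cert: dict shaped like ssl.SSLSocket.getpeercert(), or None if validation failed."""
    findings, level = [], 0

    def flag(severity, message):
        nonlocal level
        level = max(level, severity)
        findings.append(message)

    if urlsplit(url).scheme.lower() != "https":
        flag(2, "site is served over plain HTTP")
    elif cert is None:
        flag(2, "TLS certificate could not be validated")
    else:
        days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400
        if days_left < 0:
            flag(2, "TLS certificate has expired")
        elif days_left < CERT_WARN_DAYS:
            flag(1, f"TLS certificate expires in {days_left} days")
    if blacklisted:  # simulated lookup result, as in the report
        flag(2, "host is on the (simulated) blacklist")

    seen = {name.lower(): value for name, value in headers.items()}
    for name, message in EXPECTED_HEADERS.items():
        if name not in seen:
            flag(1, message)
    if "strict-transport-security" in seen:
        max_age = hsts_max_age(seen["strict-transport-security"])
        if max_age is None or max_age < MIN_HSTS_MAX_AGE:
            flag(1, "HSTS max-age is missing or shorter than 180 days")
    return {"url": url, "status": LEVELS[level], "findings": findings}


# Constructed sample inputs (no network access needed).
NOW = ssl.cert_time_to_seconds("Jan  1 00:00:00 2025 GMT")
GOOD_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
}
VALID_CERT = {"notAfter": "Mar  1 00:00:00 2025 GMT"}
EXPIRING_CERT = {"notAfter": "Jan  8 00:00:00 2025 GMT"}

if __name__ == "__main__":
    for args in [
        ("https://shop.example", GOOD_HEADERS, VALID_CERT),
        ("https://blog.example", {"Strict-Transport-Security": "max-age=300"}, EXPIRING_CERT),
        ("http://login.example", {}, None),
    ]:
        print(json.dumps(analyze_website(*args, now=NOW), indent=2))
```

In a Flask backend the returned dict would be the body of the JSON response; the mobile client only needs the `status` field to choose which warning to show.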


3.3 Hardware and Software

Software
• Android Development: Java (Android Studio).
• Networking & Security: HTTPURLConnection, HTTPS detection, API integration.
• Backend for File Spam Detection: Flask (Python) server, OkHttp (for API communication).

Hardware
• 2 GB RAM
• 2 GHz dual-core processor
• 512 GB HDD storage

3.4 Advantages

• Comprehensive Threat Detection: CyberShield offers three core functionalities (file
spam detection, website security assessment, and WiFi security analysis), providing a
holistic approach to identifying and mitigating cyber threats in real-time.
• Proactive Protection: By detecting malicious files, unsafe websites, and vulnerable
WiFi networks, the app helps users avoid phishing attacks, data breaches, and other
cyber risks before they cause harm.
• WiFi Protection: WiFi analysis helps users avoid unsecured networks, protecting
sensitive data on public or private connections.
• Extensible Features: The app’s modular design (file, website, WiFi analysis) allows
for future enhancements, such as support for additional file types, advanced blacklist
integration, or IoT device security checks.
• Secure Browsing: Website security checks (e.g., SSL, HTTP headers, blacklist
detection) empower users to make informed decisions about the sites they visit.
• File Safety: Users can verify the safety of text files, reducing the risk of downloading
or sharing malicious content.


4. Details of design, working and process


4.1 Architecture of project

Fig 4.1 Architecture

This image illustrates the architecture of a cybersecurity-based Android application. The system is
divided into three main components: the client side, server side, and local device analysis. On the
client side, the Android app includes modules for file scanning, website analysis, and WiFi security
checks. These modules interact with a Flask-based backend on the server side, where the API layer
receives data, the processing layer analyzes it, and a JSON response is sent back to the client.
Additionally, the WiFi security module also performs local analysis directly on the device to ensure
better network protection.


4.2 Data Flow Diagram

Fig 4.2.1 DFD Level 0

Fig 4.2.2 DFD Level 1


Fig 4.2.3 DFD Level 2


4.3 UML Diagram


4.3.1 Class Diagram

Website Checker

Fig 4.3.1 Class Diagram


4.3.2 Sequence Diagram

Fig 4.3.2 Sequence Diagram

4.3.3 Use Case Diagram

Fig 4.3.3 Use Case Diagram


4.4 Activity Diagram


4.3.4 Activity Diagram

Fig 4.3.4 Activity Diagram


5. Result and Application


5.1 Screenshots

Fig 5.1 Main Dashboard

Fig 5.2 File detection


Fig 5.3 Website and Wi-Fi security analysis


5.2 Applications

1. File Spam Detection: Helps users identify and block spam or malicious files that could
contain viruses, ransomware, or spyware. Useful when downloading files from unknown
sources.

2. Website Security Assessment: Scans and evaluates websites for threats like phishing,
malware, or fake pages—ensuring safer online browsing, especially during online transactions
or logins.

3. Wi-Fi Security Analysis: Checks the security of connected Wi-Fi networks to detect
vulnerabilities like open ports or weak encryption, protecting users from data theft on public
or unsecured networks.

4. Real-Time Threat Alerts: Notifies users instantly when a potential threat is detected, allowing
quick action to prevent harm or data loss.


6. Conclusion and Future Scope


6.1 Conclusion

CyberShield is a comprehensive cybersecurity tool designed to offer users robust, real-time
protection against a wide range of online threats. It integrates multiple layers of security, including
advanced file protection, real-time website safety verification, and in-depth WiFi network
analysis.

By proactively scanning for malware, phishing attempts, and unsafe networks, CyberShield
ensures that users can browse, download, and connect with confidence. Its user-friendly interface
and intelligent threat detection system make it an essential companion for anyone seeking a safer
and more secure digital experience across devices.


6.2 Future scope & Limitations

• Future scope
The future scope of CyberShield lies in its potential to evolve alongside the rapidly changing
landscape of cybersecurity threats. As cyberattacks become more sophisticated, future versions of
the tool can incorporate artificial intelligence and machine learning to detect and respond to threats
in real time with greater accuracy. The integration of behavioral analysis will allow the app to
identify suspicious activity even before it is recognized as a known threat. Additionally, expanding
support for Internet of Things (IoT) devices will ensure users are protected across all connected
platforms. Future developments may also include parental controls, data privacy management
tools, and personalized security insights, making CyberShield a complete digital safety solution
for individuals and organizations.

• Limitations

1. Limited File Type Support
The system primarily focuses on .txt files for spam detection. It does not currently support
other file types like PDFs, Word documents, or executable files, which may also pose
security threats.
2. Basic Threat Detection Techniques
The application uses predefined rules and heuristic checks. While effective for common
threats, it may not detect more sophisticated or zero-day attacks that require advanced
machine learning or behavioral analysis.
3. Simulated Blacklist and SSL Checks
Website security analysis relies on simulated methods rather than real-time querying of
actual blacklists or certificate authorities. This limits the tool’s accuracy in identifying truly
dangerous websites.
4. Local WiFi Analysis Only
WiFi security assessment is performed locally on the device and might not detect more
advanced attacks like spoofed access points, ARP poisoning, or packet sniffing at a deeper
network level.
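
The local encryption-type check from sections 3.1 and 3.2, as an added example (not the project's code, which runs in Java on the device): it parses capability strings in the bracketed style of Android's `ScanResult.capabilities`, rates a network by the weakest protocol it offers, and flags an SSID that is advertised with mixed security types, one signal a local scan can still surface. The function names, severity mapping, handled token prefixes and the sample scan are assumptions constructed here.

```python
import re

LEVELS = ["safe", "potentially risky", "unsafe"]
STRENGTH = ["Open", "WEP", "WPA", "WPA2", "WPA3"]  # weakest first
# Severity per security type is an assumption of this example.
SEVERITY = {"Open": 2, "WEP": 2, "WPA": 1, "WPA2": 0, "WPA3": 0}


def token_kind(token):
    """Map one bracketed token to a security type, or None for flags like ESS/WPS."""
    if token.startswith("WEP"):
        return "WEP"
    if token.startswith("WPA3"):
        return "WPA3"
    if token.startswith(("WPA2", "RSN")):
        # SAE alone means WPA3; PSK+SAE is transition mode, so WPA2 is still accepted.
        return "WPA3" if "SAE" in token and "PSK" not in token else "WPA2"
    if token.startswith("WPA"):
        return "WPA"
    return None


def classify(capabilities):
    """Return (weakest security type offered, whether WPS is advertised)."""
    tokens = [t.upper() for t in re.findall(r"\[([^\]]+)\]", capabilities)]
    kinds = [k for k in map(token_kind, tokens) if k]
    weakest = min(kinds, key=STRENGTH.index) if kinds else "Open"
    return weakest, "WPS" in tokens


def assess_wifi(scan, connected_ssid):
    """scan: iterable of (ssid, bssid, capabilities) tuples from a local scan."""
    seen = {bssid: classify(caps) for ssid, bssid, caps in scan if ssid == connected_ssid}
    if not seen:
        raise ValueError("connected SSID not present in scan results")
    kinds = {kind for kind, _ in seen.values()}
    weakest = min(kinds, key=STRENGTH.index)
    level, findings = SEVERITY[weakest], []
    if level:
        findings.append(f"weakest security offered is {weakest}")
    if any(wps for _, wps in seen.values()):
        level = max(level, 1)  # WPS PIN mode is a known weak point
        findings.append("WPS is advertised")
    if len(kinds) > 1:
        level = max(level, 1)
        findings.append("same SSID advertised with different security types: "
                        + ", ".join(sorted(kinds, key=STRENGTH.index)))
    return {"ssid": connected_ssid, "security": weakest,
            "status": LEVELS[level], "findings": findings}


# Constructed scan results; BSSIDs and SSIDs are made up for the example.
SCAN = [
    ("HomeNet", "aa:bb:cc:00:00:01", "[WPA2-PSK-CCMP][ESS]"),
    ("CafeGuest", "aa:bb:cc:00:00:02", "[ESS]"),
    ("Office", "aa:bb:cc:00:00:03", "[WPA-PSK-TKIP+CCMP][WPA2-PSK-TKIP+CCMP][WPS][ESS]"),
    ("Airport", "aa:bb:cc:00:00:04", "[RSN-SAE-CCMP][ESS]"),
    ("Airport", "aa:bb:cc:00:00:05", "[ESS]"),
]

if __name__ == "__main__":
    for ssid in ("HomeNet", "CafeGuest", "Office", "Airport"):
        print(assess_wifi(SCAN, ssid))
```

Rating by the weakest protocol offered, rather than the strongest, is what makes a mixed WPA/WPA2 access point show up as "potentially risky" instead of "safe".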

Cyber Tool for Digital Forensic Investigation

7. References and bibliography


7.1 IEEE papers

[1] Vihara Fernando, Department of Computer Systems Engineering, Faculty of Graduate Studies
and Research, Sri Lanka Institute of Information Technology, New Kandy Road, Malabe.
“Cyber Forensics Tools: A Review on Mechanism and Emerging Challenges”

[2] Mary Geddes, De Montfort University, Leicester, UK; Dr Pooneh Bagheri Zadeh, De Montfort
University, Leicester, UK. “Forensic Analysis of Private Browsing”

[3] Ifeoma U. Ohaeri, Computer Science Department, North-West University, Mafikeng,
North-West Province, South Africa; Bukohwo M. Esiefarienhe, Computer Science Department,
North-West University, Mafikeng, North-West Province, South Africa.
“Digital Forensic Process Model for Information System and Network Security Management”

[4] Arjun Anand V, Buvanasri A K, Meenakshi R, Karthika S, Ashok Kumar Mohan. 2020 4th
International Conference on Computer, Communication and Signal Processing (ICCCSP).
“PeopleXploit: A hybrid tool to collect public data”. Year: 2020

[5] S. Al Sharif, M. Al Ali, N. Al Reqabi, F. Iqbal, A. Marrington (College of Technological
Innovation, Zayed University, UAE) and T. Baker (Department of Computer Science, Liverpool
John Moores University, UK). “Magec: An Image Searching Tool for Detecting Forged Images in
Forensic Investigation”

[6] Arpita Singh, Nilu Singh, Sanjay K. Singh, Sandeep K. Nayak. “Cyber-Crime and Digital
Forensics: Challenges Resolution”, IEEE Xplore

[7] Mohammad Rasmi Al-Mousa, Qutaiba Al-Zaqebah, Ala'a Saeb Al-Sherideh, Mohammed
Al-Ghanim, Ghassan Samara, Sattam Al-Matarneh, Mahmoud Asassfeh. 2022 International Arab
Conference on Information Technology (ACIT). “Examining Digital Forensic Evidence for
Android Applications”, IEEE Xplore. Year: 2022


7.2 Books

• "Guide to Computer Forensics and Investigations"
Author: Bill Nelson, Amelia Phillips, Christopher Steuart.
• Design Of An Automobile Theft Deterrent System by Ajay Dhakshana Murthy.
• "Digital Forensics and Incident Response: Incident response techniques and procedures to
respond to modern cyber threats"
Author: Gerard Johansen.
• "Computer Forensics: Cybercriminals, Laws, and Evidence"
Author: Marie-Helen Maras.


8. Certificates and Published Papers


8.1 Certificates


8.2 Published Paper & Certificates
