FORENSIC ANALYSIS OF DIGITAL ARTIFACTS OF QR CODE PHISHING ATTACK AT 'AISYIYAH UNIVERSITY YOGYAKARTA

  • Yunan Al-husaini Djaibakal Aisyiyah University Yogyakarta
  • Arizona Firdonsyah Aisyiyah University Yogyakarta
Keywords: digital artifacts; browser forensics; NIJ; quishing; web cache

Abstract

The use of QR Codes in academic settings has increased with the digitization of attendance systems, but it has also introduced potential abuse in the form of quishing (QR phishing) attacks. Previous studies have mainly focused on user behavior, while forensic analysis of digital artifacts as evidence is still limited. This study conducts a forensic analysis of the browser artifacts left by interactions with malicious QR Codes at 'Aisyiyah University Yogyakarta, using the National Institute of Justice (NIJ) framework. Six investigation parameters are defined: domain identification, endpoint identification, identification of supporting resources, visualization of image artifacts, timestamp correlation, and HTML reconstruction. Data was obtained from the Google Chrome profile directory and analyzed using Autopsy, focusing on Web Cache, Browser History, and Cookies artifacts. The results showed that five of the six parameters were successfully identified, an investigation success rate of 83.3%, while HTML reconstruction could not be fully achieved due to cache limitations. These findings show that Web Cache artifacts provide evidentiary value in the forensic investigation of QR Code-based attacks. Future research should focus on improving full-page reconstruction techniques.

Keywords: browser forensics; digital artifacts; NIJ; quishing; Web Cache

 

 



Published
2026-04-06
How to Cite
Djaibakal, Y. A.-husaini, & Firdonsyah, A. (2026). FORENSIC ANALYSIS OF DIGITAL ARTIFACTS OF QR CODE PHISHING ATTACK AT 'AISYIYAH UNIVERSITY YOGYAKARTA. JURTEKSI (jurnal Teknologi Dan Sistem Informasi), 12(2), 343–350. https://doi.org/10.33330/jurteksi.v12i2.4504