Enhancing Digital Forensics with Cyber Kill Chain and 5W1H: A Case Study on Phishing Attacks

Abstract

This research combines the Cyber Kill Chain (CKC) model and the 5W1H method to automate digital forensic investigation for the detection and control of cybercrime such as phishing. The main challenges in digital forensics are the complexity of evidence handling, the lack of a standard caused by the diversity of tools, and the unavailability of automated tools that present information systematically. This research therefore provides a web-based framework that automates the investigation by referring to the attack stages of the CKC and identifies the contextual elements of the incident (who, what, when, where, why, and how) through the 5W1H rule. The method comprises problem identification, collecting and classifying digital artifacts according to CKC stages, in-depth analysis with the 5W1H framework, and visualization of the investigation results for further understanding. A case study of a phishing attack on the Kredivo application was used to evaluate the effectiveness of this approach, in which the CKC stages from reconnaissance to actions on objectives were applied to analyze artifacts such as activity logs and phishing data. The results show that the integration of CKC and 5W1H improves analysis accuracy, generates comprehensive visualizations of artifacts, and strengthens the response to attacks. This finding is expected to significantly improve the productivity of forensic investigations by making the analysts' work easier and supporting the preparation of proper documentation for the court.

Citation
Erika Ramadhani and Toto Raharjo 2025. Enhancing Digital Forensics with Cyber Kill Chain and 5W1H: A Case Study on Phishing Attacks. IJoICT (International Journal on Information and Communication Technology). 11, 1 (Aug. 2025), 79–89. DOI:https://doi.org/10.21108/ijoict.v11i1.8966.
