Digital Evidence Investigation of Optical Drives Using the National Institute of Standard and Technology (NIST) Method

  • Imam Riadi Universitas Ahmad Dahlan
  • Abdul Fadlil Universitas Ahmad Dahlan
  • Muhammad Immawan Aulia Universitas Ahmad Dahlan
Keywords: Optical, Drive, Storage, NIST, Digital Evidence, Digital Forensic.

Abstract

DVD-R is a type of optical drive that can store data in one burning process. However, a feature called multisession allows data to be erased even on this read-only type. This research implements the acquisition of data deleted from a DVD-R using the forensic tools Autopsy and FTK Imager. The National Institute of Standards and Technology (NIST) method is commonly used in digital forensics in the storage scope, with the stages collection, examination, analysis, and reporting. The files acquired with Autopsy and FTK Imager are the same as the original files before deletion, validated by matching hash values. Based on the results of the analysis and presentation stages, conclusions can be drawn about the ten files resulting from data acquisition on the DVD-R with the FTK Imager and Autopsy tools. FTK Imager detects two file systems, namely ISO9660 and Joliet, while Autopsy shows only one file system, namely UDF. FTK Imager successfully acquired ten files with matching hash values, while Autopsy detected seven files and did not find three files, with the extensions *.MOV, *.exe, and *.rar. In the comparative analysis of the performance test, FTK Imager got a value of 100% because it managed to find all deleted files, and Autopsy got a value of 70% because 3 files, with the extensions *.exe, *.rar, and *.MOV, were not detected and their hash values were empty. This is because the Autopsy tool cannot detect the three file extensions.

 



Published
2020-10-30
How to Cite
Imam Riadi, Abdul Fadlil, & Muhammad Immawan Aulia. (2020). Investigasi Bukti Digital Optical Drive Menggunakan Metode National Institute of Standard and Technology (NIST). Jurnal RESTI (Rekayasa Sistem Dan Teknologi Informasi), 4(5), 820-828. https://doi.org/10.29207/resti.v4i5.2224
Section
Information Systems Engineering Articles