Identifikasi Bukti Forensik Jaringan Virtual Router Menggunakan Metode NIST

Identification of Forensic Evidence for Virtual Router Networks Using the National Institute of Standard and Technology (NIST) Method

  • Firmansyah, Universitas Ahmad Dahlan
  • Abdul Fadlil, Universitas Ahmad Dahlan
  • Rusydi Umar, Universitas Ahmad Dahlan
Keywords: Virtualization, Forensics, Evidence, Traffic, NIST

Abstract

The evolution of information technology has led to the growth of virtualization technology. RouterOS is the operating system of the Mikrotik router, and it supports virtualization. The RouterOS virtualization technique that is easy to run is Metarouter. Metarouter provides benefits such as building virtual servers, virtual machines and network topologies, as well as cost savings. As an object of research, Metarouter introduces challenges to digital forensic investigations for both practitioners and academics. Investigators need to use a methodology and tools in order to prove who the perpetrators of crimes are. This study uses the Windump forensic tool to record network traffic activity, and Network Miner and Wireshark as analytical tools for identifying digital evidence. The National Institute of Standard and Technology (NIST) method, which consists of collection, examination, analysis and reporting, can be repeated and maintained with the same data. Based on experiments testing virtual router network traffic, the system built succeeded in obtaining digital evidence, either directly or indirectly. The planned system scenario succeeded in recording 220494 packets, which Windump automatically divided into 9 (nine) parts, Buktidigital0 to Buktidigital8. The inspection stage produced evidence that was verified with Wireshark and Network Miner. The analysis stage proves that there were attacks carried out by addresses 192.168.10.10 and 192.168.234.10. Based on the results of forensic testing, the NIST method, applied to a forensic system built with a virtual router as its object, can be used by investigators to identify evidence of cyber-attacks.

 

Published
2021-02-20
How to Cite
Yasin, F., Abdul Fadlil, & Rusydi Umar. (2021). Identifikasi Bukti Forensik Jaringan Virtual Router Menggunakan Metode NIST. Jurnal RESTI (Rekayasa Sistem Dan Teknologi Informasi), 5(1), 91 - 98. https://doi.org/10.29207/resti.v5i1.2784
Section
Information Technology Articles
