Forensic Analysis of Solid State Drives (SSD) Using the Rapid Response Framework

Authors

DOI:

https://doi.org/10.25126/jtiik.2019651516

Abstract

Computer technology has developed rapidly over the last four years. This development has also had negative effects, one of which is computer crime. Computer crime leaves traces of criminal activity, so analysis with forensic science and methods is needed to obtain evidence. What if a computer crime occurs on a computer storage medium of the non-volatile memory type and is handled with live forensics? In this study, a forensic process was carried out on a Solid State Drive (SSD) with the GRR Rapid Response framework in a case of lost data in an organization. The forensic work steps follow those of the National Institute of Standards and Technology (NIST). The GRR Rapid Response framework is used to respond to digital forensic incidents, with a focus on remote forensic environments; it is based on a client-server architecture. The results of this study show that the NIST forensic work steps can be implemented in the process of collecting digital evidence with a live forensic acquisition method, and that, using the forensic tool's capabilities in the GRR Rapid Response examination process on a workstation (GRR client) with SSD storage media, digital evidence can be found and recovered. The digital evidence that could be recovered is a document file, and validation of that evidence yielded the same hash values under both of the digital evidence validation algorithms implemented, MD5 and SHA-1. The integrity result for the document therefore shows that the digital evidence is identical.




Published

08-10-2019

Issue

Section

Computer Science

How to Cite

Analisis Forensik Solid State Drive (SSD) Menggunakan Framework Rapid Response. (2019). Jurnal Teknologi Informasi Dan Ilmu Komputer, 6(5), 509-518. https://doi.org/10.25126/jtiik.2019651516