• Tidak ada hasil yang ditemukan

DIGITAL FORENSIC INVESTIGATION – METHOD FOR IDENTIFICATION AND ANALYSIS OF MALICIOUS SOFTWARE ON LINUX SYSTEM

N/A
N/A
Info
Unduh - Bebas
Protected

Academic year: 2023

Membagikan "DIGITAL FORENSIC INVESTIGATION – METHOD FOR IDENTIFICATION AND ANALYSIS OF MALICIOUS SOFTWARE ON LINUX SYSTEM"

Copied!
9
0
0

Memuat.... (Lihat teks lengkap sekarang)

Unduh sekarang ( 9 Halaman )

Teks penuh

(1)

By

Ahmad Zaid Zam Zami

A Thesis submitted to the Master Study Program of

INFORMATION TECHNOLOGY

In Partial Fulfillment of the Requirements for

MASTER'S DEGREE

IN

INFORMATION TECHNOLOGY

Swiss German University Education Town BSD City

Tangerang 15339 Indonesia

January 2014

Revision after the Thesis Defense on 18 February 2014

(2)

Ahmad Zaid Zam Zami

STATEMENT BY THE AUTHOR

I hereby declare that this submission is my own work and to the best of my knowledge, contains no material previously published or written by another person, nor material which to a substantial extent has been accepted for the award of any other degree or diploma at any educational institution, except where due acknowledgement is made in the thesis.

Ahmad Zaid Zam Zami

_______________________________________ ________________

Student Date

Approved by:

Dr. Ir. Moh. A. Amin Soetomo, M.Sc.

________________________________________ __________________

Thesis Advisor Date

Charles Lim, M.Sc., ESCA, ECSP, ECIH, CEH, CEI

________________________________________ __________________

Thesis Co-Advisor Date

Dr. Ir. Gembong Baskoro, M.Sc.

______________________________________ _________________

Dean Date

(3)

Ahmad Zaid Zam Zami

© Copyright 2014 by Ahmad Zaid Zam Zami

All rights reserved

(4)

ABSTRACT

DIGITAL FORENSIC INVESTIGATION – METHOD FOR IDENTIFICATION AND ANALYSIS OF MALICIOUS SOFTWARE

ON LINUX SYSTEM

By

Ahmad Zaid Zam Zami

Dr. Ir. Moh. A. Amin Soetomo, M.Sc.

Charles Lim, M.Sc., ESCA, ECSP, ECIH, CEH, CEI

SWISS GERMAN UNIVERISTY

Malware (malicious software) has become the most serious security threats on the Internet. There is a malware that is created to provide remote access to the victim computer by bypassing normal authentication known as backdoor. Criminals are making extensive use of backdoor to control computers and steal confidential or proprietary information. The information can be used to commit fraud, identity theft, or can be sold or traded to others. Therefore, forensic investigator need to have suitable methodology to identify and analyze a computer that is compromised by malware. This study aimed to identify artifacts or digital trail that can be potentially as evidence that may be left by the backdoor installed on a victim's computer. The final results of this study will be used as a guide or user manual for law enforcement officers in conducting searches of digital evidence, especially on an infected computer.

Keywords: Computer forensic, cyber crime, malware, linux.

(5)

DEDICATION

I dedicate this thesis to my family, my parents and faculty of engineering and information technology in SGU (Swiss German University), Tangerang - Indonesia and all people who need guidance in implementation of Incident Handling using Computer Forensic Methodology.

(6)

ACKNOWLEDGMENTS

The author also wishes to express utmost gratitude to my beloved wife Dhahiri Hagyar Siwi, my bautiful daughters Aisha Mughny Shaliha and Qanita Izzatul Himmah. The author thanks them for all encouragement, the strength, patience, and supports they give for the completion of this research

The author also thanks to Dr. Ir. Moh. A. Amin Soetomo M.Sc. as the advisor and Mr.

Charles Lim, M.Sc, as co advisor. They have provided guidance, suggestions, idea, feedbacks, and supports that helped to shape of this work.

Thanks to Prof. Dr. Heiko Schoeder, Prof. Dr. Ing Wolfram Stanek, Mr. Kho I Eng, Dr. Ir. Gembong Baskoro, M.Sc., Dr. Harya Damar Widiputra, Mr.

Reggio Hartono, Ms. Rachmawati, Ms. Cornelia Manik and other Swiss German University members for the supports.

Last but not least, the author also would like to thank all of MIT students and friends: Prof Richardus Eko Indrajit, Dwi Ade Handayani Capah, Tita Latifah, Muhammad Salahudien Manggalani, Carlia for their support in providing information and references that helped in completion of this work.

(7)

STATEMENT BY THE AUTHOR ...………...2

ABSTRACT ...………...4

DEDICATION ...………...5

ACKNOWLEDGMENTS ...………...6

CHAPTER 1 - INTRODUCTION ..………...10

1.1 Background ..………...10

1.2 Research Objectives ...………...10

1.3 Research Limitations ....………...11

1.4 Research Problems ...………...11

1.5 Significant of Study ...………...12

1.6 Research Questions ...………...12

1.7 Methodology ...………...12

1.8 Thesis Structure ...………...12

CHAPTER 2 - LITERATURE REVIEW ..………...14

2.1 Digital Forensic Investigation ..………...14

2.1.1 Digital Evidence...………...15

2.1.2 Digital Analysis Type...………...16

2.1.3 Digital Forensic Investigation Stages.………...18

2.2 Hardisks Technolgoy ..………...19

2.2.1 Hardisk Geometry...………...19

2.2.2 Hardisk Cluster...………...21

2.2.3 Hardisk Partition...………...22

2.2.4 Master Boot Record...………...23

CHAPTER 3 - METHODOLOGY ...………...26

3.1 Framework...………...26

3.2 Research Flow... ...………...28

3.3 Problem Identification...…...28

3.4 Literature Study...28

3.5 Experiment...…...29

3.5.1 Virtual Machine Implementation…...29

3.5.2 Tools...29

(8)

3.5.4 Type of Toolkits...30

3.5.5 General Procedure...30

3.5.6 Volatile Data Collection...31

3.5.7 Live System Acquisition...31

3.6 Validation...…...32

3.7 Output...…...32

CHAPTER 4 - RESULT & DISCUSSION ..………...33

4.1 Mounting Forensic Tools ..………...33

4.2 Collection... ...………...33

4.2.1 Volatile Data Collection.………...33

4.2.2 Live System Acquisition...37

4.3 Analysis...………...39

4.4 Expert Validation...………...39

CHAPTER 5 - CONCLUSION & RECOMMENDATION .……...43

5.1 Volatile Data Evidence ..………...43

5.2 Backdoor Identification Guideline ...………...43

5.3 Recommendation ....………...44

REFERENCES...………...45

APPENDICES...………...46

CURRICULUM VITAE...………...81

(9)

LIST OF TABLES

Table 1 Master boot record layout ………....23

Table 2 Partition table entry ………...24

Table 3 Common partition type ....………....25

LIST OF FIGURES Figure 1 Hard disk layout ...………...20

Figure 2 Computer forensic framework .………...……….26

Figure 3 Research flow...………...28

Figure 4 Fdisk command ouput ...……….31

Figure 5 Ifconfig command ...……….34

Figure 6 Lsof command ...………....35

Figure 7 Lsof output ...……….36

Figure 8 Tcpdump command ………...36

Figure 9 DD command ...……….37

Figure 10 File system information ...………....38

Figure 11 Read-only mounting ...………38

Figure 12 Rogue process ...……....………....39

Figure 13 Malicious packet, user creation ………...40

Figure 14 Malicious packet, directory hiding ...………...40

Figure 15 Bash history output ………...41

Referensi

Unduh sekarang ( PDF - 9 Halaman - 0.97 MB )

Dokumen terkait

AKTIVITAS PASAR LOAK PAKAIAN BEKAS DI KOTA PANGKALPINANG DALAM PERSPEKTIF TEORI PERTUKARAN SOSIAL PETER MICHAEL BLAU

Penelitian ini bertujuan mengetahui perkembangan aktivitas pasar loak pakaian bekas di Kota Pangkalpinang serta menggambarkan faktor apa saja yang menjadi pendukung

PERAN FORUM KERUKUNAN UMAT BERAGAMA (FKUB) KOTA BATAM DALAM MEWUJUDKAN TOLERANSI UMAT BERAGAMA - Institutional Repository of IAIN Tulungagung

Salah satu sikap yang harus dimiliki oleh seseorang untuk menjaga kerukunan antarumat beragama adalah adanya sikap untuk mengakui keberadaan pihak lain. Setiap

Gizi seimbang dalam siklus hidup manusia

Konsumsi lemak yang dianjurkan adalah 30% atau kurang dari total kalori yang dibutuhkan. Konsumsi lemak total yang terlalu tinggi (lebih dari 40% dari

PP 47 Tahun 2014 Tentang Perubahan PP 43 Tahun 2014

dimaksud pada ayat (1), menteri yang menyelenggarakan urusan pemerintahan di bidang pemerintahan dalam negeri berkoordinasi dengan menteri yang menyelenggarakan urusan

Analisis Kandungan Mineral Kalsium, Magnesium, Kalium dan Natrium Pada Biji Kakao (Theobroma cacao Linn.) Non Fermentasi dan Fermentasi Secara Spektrofotometri Serapan Atom

Penelitian ini betujuan untuk mengetahui kadar mineral kalsium, magnesium, kalium dan natrium yang terdapat pada biji kakao non fermentasi dan fermentasi, serta untuk

Institutional Repository | Satya Wacana Christian University: Asas Keadilan dalam Pengaturan Pengelolaan Pertambangan di Indonesia T2 322010001 BAB II

Indonesia yang adil maksudnya tak lain daripada memberikan perasaan kepada seluruh rakyat bahwa ia dalam segala segi penghidupannya diperlakukan secara adil

Peranan Internal Auditing Dalam Menunjang Tingkat Kolektibilitas Piutang (Studi Kasus Pada PT Cahaya Kalbar Tbk).

Untuk mengatasi kelemahan, penulis akan memberikan beberapa saran, yaitu : sebaiknya fungsi internal auditing diperluas tidak hanya pada pemeriksaan administrasi tetapi

Reverse Engineering Outer Fender pada Mobil Mini Truk Esemka

Tujuan dari penelitian ini untuk membandingkan hasil pengambilan data dengan menggunakan CMM manual dan CMM dari Mitutoyo, data yang didapatkan digunakan untuk