Forensic Network Analysis of Metarouter Using NIST SP 800-86 Framework
DOI: https://doi.org/10.1234/ys5zhj83
Keywords: TCP/IP protocol, NIST, ARP
Abstract
Computer networks are developing very rapidly, in commercial institutions, in academia, and even in homes that need internet access. The Internet (a contraction of "interconnected network") is a worldwide linkage of computer networks through a common standard, the Transmission Control Protocol/Internet Protocol (TCP/IP), under which communication takes place by exchanging data packets. This study implements a virtual router network as the object for examining the network traffic passing through router hardware, using network analysis tools on the Windows operating system. The framework used in the research is that of the National Institute of Standards and Technology (NIST), SP 800-86. The research concludes with the identification of anomalous traffic evidence using the Wireshark forensic analysis tool and Microsoft Network Monitor. The aim of the disclosure is to find the intruder's IP address with Wireshark and Microsoft Network Monitor by analysing the network packet evidence that was prepared. Network traffic was recorded directly with Wireshark, and the evidence was then validated by comparing the Wireshark analysis with Microsoft Network Monitor. The results of the virtual router network forensic analysis using the NIST SP 800-86 framework confirm a genuine attack: the ARP traffic shows that communication between the client 192.168.10.5 and the server 192.168.10.254 was lost as a result of continuous broadcasts, which the ICMP traffic also confirms. Based on this research, the NIST framework applied to the system built around a virtual router object can be used by analysts to detect cyber attacks consistently.
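The abstract's finding rests on one kind of evidence: broadcast ARP traffic from a single host that is dense enough to disrupt the client/server exchange, traced back to the sender's IP address. The following is an added example, not code from the paper, of how that analysis can be automated once frames have been exported from a capture. It parses raw Ethernet/ARP frames, counts broadcast ARP requests per sender per second, and flags any sender above a threshold; it also goes one step beyond the abstract and flags an IP address claimed by more than one MAC, the check a practitioner would add for ARP spoofing. The client and server addresses are the ones the abstract names; the intruder address 192.168.10.66, all MAC addresses, the timestamps and the frames themselves are constructed for this example.

```python
"""Added example: ARP broadcast-flood analysis over a constructed capture."""
import struct
from collections import Counter, defaultdict

ETHERTYPE_ARP = 0x0806
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ARP_REQUEST, ARP_REPLY = 1, 2


def _mac(s):
    return bytes(int(x, 16) for x in s.split(":"))


def _ip(s):
    return bytes(int(x) for x in s.split("."))


def build_arp(opcode, src_mac, sender_ip, target_mac, target_ip, dst_mac=BROADCAST_MAC):
    """Build an Ethernet II frame carrying one ARP packet (42 bytes, no padding or FCS)."""
    eth = _mac(dst_mac) + _mac(src_mac) + struct.pack("!H", ETHERTYPE_ARP)
    # htype=Ethernet, ptype=IPv4, hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    arp += _mac(src_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip)
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of a frame, or None if it is not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    return {
        "dst_mac": ":".join(f"{b:02x}" for b in frame[0:6]),
        "opcode": struct.unpack("!H", frame[20:22])[0],
        "sender_mac": ":".join(f"{b:02x}" for b in frame[22:28]),
        "sender_ip": ".".join(str(b) for b in frame[28:32]),
        "target_ip": ".".join(str(b) for b in frame[38:42]),
    }


def analyse_arp(capture, per_second_threshold=50):
    """capture: iterable of (timestamp_seconds, frame_bytes), the shape a pcap reader yields.

    Returns (flooders, conflicts):
      flooders  - {sender_ip: peak broadcast ARP requests in any one second} above threshold
      conflicts - {ip: {mac, ...}} for IPs claimed by more than one MAC (spoofing indicator)
    """
    buckets = Counter()          # (sender_ip, whole second) -> broadcast request count
    claims = defaultdict(set)    # sender_ip -> set of MACs seen claiming it
    for ts, frame in capture:
        p = parse_arp(frame)
        if p is None:
            continue
        claims[p["sender_ip"]].add(p["sender_mac"])
        if p["opcode"] == ARP_REQUEST and p["dst_mac"] == BROADCAST_MAC:
            buckets[(p["sender_ip"], int(ts))] += 1
    peak = {}
    for (ip, _sec), n in buckets.items():
        peak[ip] = max(peak.get(ip, 0), n)
    flooders = {ip: n for ip, n in peak.items() if n > per_second_threshold}
    conflicts = {ip: macs for ip, macs in claims.items() if len(macs) > 1}
    return flooders, conflicts


# Constructed capture (not the paper's evidence). Client and server IPs come from
# the abstract; the intruder IP and every MAC address are made up for this example.
CLIENT_IP, CLIENT_MAC = "192.168.10.5", "00:0c:29:11:11:11"
SERVER_IP, SERVER_MAC = "192.168.10.254", "00:0c:29:22:22:22"
INTRUDER_IP, INTRUDER_MAC = "192.168.10.66", "00:0c:29:66:66:66"


def constructed_capture():
    cap = [
        (0.100, build_arp(ARP_REQUEST, CLIENT_MAC, CLIENT_IP, "00:00:00:00:00:00", SERVER_IP)),
        (0.101, build_arp(ARP_REPLY, SERVER_MAC, SERVER_IP, CLIENT_MAC, CLIENT_IP, dst_mac=CLIENT_MAC)),
    ]
    # Intruder: 300 broadcast requests inside one second (the continuous broadcast
    # the abstract describes), then a gratuitous request claiming the server's IP
    # with its own MAC (a spoofing step that goes beyond what the abstract reports).
    cap += [(5.0 + i * 0.003,
             build_arp(ARP_REQUEST, INTRUDER_MAC, INTRUDER_IP, "00:00:00:00:00:00", SERVER_IP))
            for i in range(300)]
    cap.append((6.0, build_arp(ARP_REQUEST, INTRUDER_MAC, SERVER_IP, "00:00:00:00:00:00", SERVER_IP)))
    return cap


if __name__ == "__main__":
    flooders, conflicts = analyse_arp(constructed_capture())
    print("ARP flood sources:", flooders)
    print("IP/MAC conflicts:", conflicts)
```

Against a real capture, `constructed_capture()` is replaced by a reader that yields `(timestamp, frame)` pairs, for instance `dpkt.pcap.Reader` over a file saved from Wireshark; the threshold should be set from a baseline of the same segment, since a busy broadcast domain legitimately produces far more ARP than the two-frame exchange above.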
References
Achyani, Y. E. (2016). Keamanan Jaringan Dengan Packet Filtering Firewall (Studi Kasus: Pt. Sukses Berkat Mandiri Jakarta). Jurnal Khatulistiwa Informatika, 04(May), 31–48.
Dewi, E. K., Harini, D., & Miftachurohmah, N. (2017). Snort Ids Sebagai Tools Forensik Jaringan Universitas Nusantara Pgri Kediri. January, 411–418.
Fadlil, A., Riadi, I., Aji, S., & Dahlan, U. A. (2017). Pengembangan Sistem Pengaman Jaringan Komputer Berdasarkan Analisis Forensik Jaringan. 3(1).
Firmansyah, F., Fadlil, A., & Umar, R. (2019). Analisis Forensik Virtual router pada Lalu Lintas Jaringan Klien. Edu Komputika Journal, 6(2), 54–59. https://doi.org/10.15294/edukomputika.v6i2.35221
Hafizh, M. N., Riadi, I., & Fadlil, A. (2020). Forensik Jaringan Terhadap Serangan ARP Spoofing menggunakan Metode Live Forensic. Jurnal Telekomunikasi Dan Komputer, 10(2), 111. https://doi.org/10.22441/incomtech.v10i2.8757
Hariyadi, D., Wijayanto, H., & Sari, I. D. (2019). Analisis Barang Bukti Digital Aplikasi Paziim Pada Ponsel Cerdas Android Dengan Pendekatan Logical Acquisition. Cybersecurity Dan Forensik Digital, 2(2), 1–5.
Helmi, I., Widiyasono, N., & Gunawan, R. (2019). Simulasi Analisis Bukti Digital Pada Layanan Cloud Computing Menggunakan Metode NIST 800-86. Jurnal Media Informatika Budidarma, 3(3), 217. https://doi.org/10.30865/mib.v3i3.1193
Imam Riadi, Anton Yudhana, M. C. F. P. (2018). Akuisisi Bukti Digital Pada Instagram Messenger Berbasis Android Menggunakan Metode National Institute Of Justice (NIJ). 4, 219–227.
Kent, K., Chevalier, S., Grance, T., & Dang, H. (2006). Guide to Integrating Forensic Techniques into Incident Response. The National Institute of Standards and Technology.
Ketaren, E. (2016). Cybercrime, Cyber Space, dan Cyber Law. Times, 5(2), 35–42. http://stmik-time.ac.id/ejournal/index.php/jurnalTIMES/article/viewFile/556/126
Martias, & Djuanda, R. F. (2018). Pembatasan Jumlah Client Menggunakan Security MAC- Address with Cisco. Transistor EI (Jurnal Elektro Dan Informatika) UNISSULA, 3(3). http://lppm-unissula.com/jurnal.unissula.ac.id/index.php/EI/article/view/3481
Mustafa, Riadi, I., & Umar, R. (2018). Rancangan Investigasi Forensik E-mail dengan Metode National Institute of Standards and Technology (NIST). Snst Ke-9, 9, 121–124.
Pemerintah Indonesia. (2010). Peraturan Menteri Komunikasi Dan Informatika Nomor : 16 /Per/M.Kominfo/ 10 /2010. 1–5.
Ridho, F., Yudhana, A., & Riadi, I. (2016). Analisis Forensik Router Untuk Mendeteksi Serangan Distributed Danial of Service (DDoS) Secara Real Time. 2(1), 111–116. http://ars.ilkom.unsri.ac.id
Siddharth Sachin Kulkarni. (2017). Routing Table Size Aware Dynamic Routing for Maximization of Throughput of an SDN. In Project Submission Sheet – 2016/2017 School of Computing.
Supardi, W. (2012). IP Address & Subnetting. 1, 1–9.
Wicaksono, G., & Prayudi, Y. (2013). Teknik Forensika Audio Untuk Analisa Suara Pada Barang Bukti Digital. Semnas Unjani.
Yogyantoro, F. S. (2015). Instalasi jaringan komputer pada dinas kesehatan puskesmas patihan kota madiun. Teknik Informatika, 21(2), 1–17.
Yudhana, A., Umar, R., & Ahmadi, A. (2019). Digital Evidence Identification on Google Drive in Android Device Using NIST Mobile Forensic Method. Scientific Journal of Informatics, 6(1), 54–63. https://doi.org/10.15294/sji.v6i1.17767
Versions
- 2023-12-31 (2)
- 2023-12-31 (1)