Imam Riadi

Forensic SIM Card Cloning Using Authentication Algorithm

Crime in the telecommunications sector increasingly, especially in the mobile security system found several security flaws of data outside of the network. Clone SIM card is a major problem in the SIM card device. Research cloning SIM card can be presented in the form of analysis algorithms A3 SRES, and A8 RAND to get Ki AUC for the investigation process digital forensic cloning SIM card, testing scheme SIM card cloning used parameter ＂Due Under Test＂ (DUT) and ＂Trial and Error＂ with the following phases ; identification, preservation, collection, examination, anally and presentation. Conclusion SIM card cloning and analysis in the form of percentage of success then conducted a forensic investigation to cloning SIM card with the matching algorithm A8 (RAND) contained in each SIM card which produces authentication Ki as contained in the investigation file structure SIM card. Memory capacity has advantages and disadvantages, which is 32kb SIM card Ki produced a success rate of 100% success, 64kb SIM card cloning success rate of 25% to 50%. Research cloning SIM card with forensic investigations have been successfully cloned.

Live Forensics Method for Analysis Denial of Service (DOS) Attack on Routerboard

Denial of Service (DoS) attacks are structured network attacks that originate from multiple sources and converge to form large packet currents. A DoS attack aims to disrupt the services available on the target network by flooding the bandwidth or processing capacity system making the target server network become overloaded. Wireshark is a tool that can be used to detect DoS attacks on a Router network and perform network traffic analysis that has functions that are useful for network professionals, network administrators, researchers, and network software development, requiring the detection of DoS attacks on the Router and multiplying information as well as attracting forensics data as a digital evidence of DoS attacks on the Router through the Live Forensics method. This research succeeded in pulling data information of DoS attack on Router form activity log data and attacker IP address list.

ANALISIS FORENSIK DIGITAL PADA FROZEN SOLID STATE DRIVE DENGAN METODE NATIONAL INSTITUTE OF JUSTICE (NIJ)

Kejahatan komputer memiliki bukti digital dari tindak kejahatan dan perlu dilakukan analisa . Perkembangan teknologi komputer yang demikian pesat telah membawa perubahan pada bidang perangkat keras . Pada perangkat keras saat ini terdapat Solid State Drive (SSD) sebagai media penyimpanan utama komputer, karena teknologi SSD memiliki kecepatan akses data yang cepat. Penggunaan software pembeku drive pada komputer sering dilakukan oleh teknisi komputer, karena dapat menghemat biaya perawatan. Software tersebut digunakan untuk melindungi komputer dari perubahan yang tidak dikehendaki, sistem komputer yang tanam software tersebut menjadikan perubahan yang terjadi pada sistem komputer tidak disimpan pada media penyimpanan setelah komputer dimatikan . Ketika hal ini terjadi apa yang harus dilakukan oleh penyidik forensik digital. Penelitian ini membahas perbandingan terkait tool Forensik yang digunakan untuk proses eksaminasi dan analisa. Pengambilan salinan bukti digital dilakukan dengan metode forensik statik, sedangkan tahapan penelitian dan analisa mengadaptasi dan mengimplementasikan metode forensik dari National Institute of Justice (NIJ ) untuk mendapatkan bukti digital. Software pembeku drive seperti Shadow Defender terbukti berpengaruh terhadap praktik eksaminasi forensik digital terhadap didapatkannya bukti-bukti digital , dengan kondisi tersebut prosentase keberhasilannya merestorasi file hanya 28,7% sehingga dapat menjadi hambatan dalam proses forensik digital.

Pengembangan Sistem Pengaman Jaringan Komputer Berdasarkan Analisis Forensik Jaringan

Ilmu pengetahuan tentang keamanan komputer yang terkait dengan penyelidikan untuk menentukan sumber serangan jaringan berdasarkan data log bukti, identifikasi, analisis, dan rekonstruksi kejadian adalah Forensik Jaringan yang merupakan cabang dari Forensik Digital. Sedangkan jenis serangan terhadap suatu komputer atau server di dalam jaringan dengan cara menghabiskan sumber daya (resources) yang dimiliki oleh komputer sampai komputer tersebut tidak dapat menjalankan fungsinya dengan benar, sehingga secara tidak langsung mencegah pengguna lain untuk memperoleh akses dari layanan jaringan yang diserang disebut dengan serangan Distributed Denial of Service (DDoS). Riset Forensik Jaringan dilakukan dalam Laboratorium Riset Magister Teknik Informatika Universitas Ahmad Dahlan Yogyakarta. Deteksi serangan dilakukan oleh Winbox RouterOS v3,7 dimana software tersebut menunjukan resources, data penyerang (IP Address), jumlah paket data, dan kapan terjadi serangan. Sedangkan simulasi serangan dilakukan dengan software LOIC untuk mengetahui kinerja sistem pengaman jaringan komputer. Sedangkan sistem pengaman jaringan komputer berupa antisipasi terhadap bentuk serangan DDoS.

Deteksi Serangan DDoS Menggunakan Neural Network dengan Fungsi Fixed Moving Average Window

Distributed denial-of-service (DDoS) merupakan jenis serangan dengan volume, intensitas, dan biaya mitigasi yang terus meningkat seiring berkembangnya skala organisasi. Penelitian ini memiliki tujuan untuk mengembangkan sebuah pendekatan baru untuk mendeteksi serangan DDoS, berdasarkan pada karakteristik aktivitas jaringan menggunakan neural network dengan fungsi fixed moving average window (FMAW) sebagai metode deteksi. Data pelatihan dan pengujian diambil dari CAIDA DDoS Attack 2007 dan simulasi mandiri. Pengujian terhadap metode neural network dengan fungsi fixed moving average window (FMAW) menghasilkan prosentase rata-rata pengenalan terhadap tiga kondisi jaringan (normal, slow DDoS, Dan DDoS) sebesar 90,52%. Adanya pendekatan baru dalam mendeteksi serangan DDoS, diharapkan bisa menjadi sebuah komplemen terhadap sistem IDS dalam meramalkan terjadinya serangan DDoS.

Wi-Fi Security Level Analysis for Minimizing Cybercrime

The increasing human need for Internet access requires Internet access service that is easy to do as the availability of Wi-Fi hotspot. Among the many Wi-Fi hotspots in public service locations in Yogyakarta is still very little attention to the security of data communications on the wireless network. This makes the hacker be interested to discover his ability to perform various activities of cybercrime. This study aims to analyze and test the Wi-Fi network security contained in locations of public services in Yogyakarta. The method used in this study is a qualitative method that consists of five main steps, namely the study of literature, the issue of criteria Wi-Fi, research instruments, data collection, and analysis. The location of public services, Wi-Fi hotspot providers selected in three categories: hotel, restaurant / cafe, and educational institutions. Each public service category taken sample 5 different locations. Testing is done with action that leads to crime by type of action such as sniffing, DNS spoofing and hijacking. The results showed that the majority of Wi-Fi located at the location of public service vulnerable to criminal attack. Wi-Fi throughout the studied (100%) are not secure against sniffing activities, 80% are not secure against DNS spoofing activities, and 66.6% are not

Image Forensic for detecting Splicing Image with Distance Function

In the era of digital image, good editing software allows users to process digital images in an easy way. It is inevitable, which, unfortunately leads to the widespread of image forgery. Hence, an image fraud detection tool is essential to verify the authenticity of a digital image. The rapid growth of digital image manipulation has prompted writers on forensic image to reveal their authenticity. Manipulations are commonly found in image formats such as Joint Photographic Experts Group (JPEG). JPEG is the most common format supported by devices and apps. Therefore, the researchers will analyze measurement of forensic image similarity using distance function method, while image manipulation is used specially on image splicing. The results of this study show that distance function can be 2 different images. General Terms Digital Forensics

A Comparative Study of Forensic Tools for WhatsApp Analysis using NIST Measurements

One of the popularly used features on Android smartphone is WhatsApp. WhatsApp can be misused, such as for criminal purposes. To conduct investigation involving smartphone devices, the investigators need to use forensic tools. Nonetheless, the development of the existing forensic tool technology is not as fast as the development of mobile technology and WhatsApp. The latest version of smartphones and WhatsApp always comes up. Therefore, a research on the performance of the current forensic tools in order to handle a case involving Android smartphones and WhatsApp in particular need to be done. This research evaluated existing forensic tools for performing forensic analysis on WhatsApp using parameters from NIST and WhatsApp artifacts. The outcome shows that Belkasoft Evidence has the highest index number, WhatsApp Key/DB Extractor has superiority in terms of costs, and Oxygen Forensic has superiority in obtaining WhatsApp artifact.

Network Packet Classification using Neural Network based on Training Function and Hidden Layer Neuron Number Variation

Distributed denial of service (DDoS) is a structured network attack coming from various sources and fused to form a large packet stream. DDoS packet stream pattern behaves as normal packet stream pattern and very difficult to distinguish between DDoS and normal packet stream. Network packet classification is one of the network defense system in order to avoid DDoS attacks. Artificial Neural Network (ANN) can be used as an effective tool for network packet classification with the appropriate combination of numbers hidden layer neuron and training functions. This study found the best classification accuracy, 99.6% was given by ANN with hidden layer neuron numbers stated by half of input neuron numbers and twice of input neuron numbers but the number of hidden layers neuron by twice of input neuron numbers gives stable accuracy on all training function. ANN with Quasi-Newton training function doesn’t much affected by variation on hidden layer neuron numbers otherwise ANN with Scaled-Conjugate and Resilient-Propagation training function.

DDoS Attacks Classification using Numeric Attribute-based Gaussian Naive Bayes

Cyber attacks by sending large data packets that deplete computer network service resources by using multiple computers when attacking are called Distributed Denial of Service (DDoS) attacks. Total Data Packet and important information in the form of log files sent by the attacker can be observed and captured through the port mirroring of the computer network service. The classification system is required to distinguish network traffic into two conditions, first normal condition, and second attack condition. The Gaussian Naive Bayes classification is one of the methods that can be used to process numeric attribute as input and determine two decisions of access that occur on the computer network service that is “normal” access or access under “attack” by DDoS as output. This research was conducted in Ahmad Dahlan University Networking Laboratory (ADUNL) for 60 minutes with the result of classification of 8 IP Address with normal access and 6 IP Address with DDoS attack access.