Computer Forensic Analysis of Network Traffic

Samuel A. Mandowen

Abstract


The purpose of this research is to analyze and report on the contents of a network capture file (nitroba.pcap.zip), an archive containing network activities monitored and logged on the Nitroba University network with the network forensics tool Wireshark. The capture file was downloaded from the file-sharing repository of the Queensland University of Technology (QUT), Brisbane, Australia. It contains activities that may violate cyber laws. The archive was extracted to the file nitroba.pcap on a local hard drive before the forensic analysis was carried out. The network reported that an individual had been sending harassing emails to Lily Tuckrige. The message's full headers contain the IP address 140.247.62.34, which points to a Nitroba University dorm room. The analysis attempts to reconstruct the structure of the network, identify the key players on it, and determine all activities leading up to and occurring during the reported malicious activity. It was carried out mainly with the network forensic tools Wireshark v1.10.2 and NetworkMiner v1.5. Analysis of the capture file nitroba.pcap recovered a number of valuable items of evidence. The final computer forensics investigation produced three main key findings and six items of supporting evidence. Two items of evidence contain the same message sent to Lily Tuckrige. One HTTP packet reveals the suspect's email address, jcoachj@gmail.com, and six packets contain hostile messages. All items of evidence were traced to the IP address 192.168.15.4 and prove that Johnny Coach, one of Lily Tuckrige's students, was the person who sent the harassing emails.


Keywords: Computer Forensics, Network Traffic.
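The abstract describes three analysis steps: reconstructing who was active on the network, isolating the HTTP traffic of one internal address, and recovering the sender's email address from it. The following is an added example of that triage in pure Python; it is not code from the paper, and it does not use Wireshark or NetworkMiner. It reads the classic libpcap format directly and runs over a capture constructed inline: the internal address 192.168.15.4 and the address jcoachj@gmail.com are taken from the abstract, while the web server 203.0.113.10, the second dorm host 192.168.15.7, the host names and the form fields are invented placeholders.

```python
"""Triage of a libpcap capture for HTTP activity from one internal address.

Added example, not from the paper. The capture is CONSTRUCTED inline to
mimic the kind of evidence the abstract describes; it is not nitroba.pcap.
"""
import re
import socket
import struct
from collections import Counter
from urllib.parse import unquote_plus

PCAP_MAGIC = 0xA1B2C3D4        # classic libpcap, microsecond timestamps
ETH_IPV4 = 0x0800
PROTO_TCP = 6
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def _frame(src_ip, dst_ip, sport, dport, payload):
    """Build one Ethernet/IPv4/TCP frame (checksums left zero; the parser ignores them)."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, PROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames, snaplen=65535):
    """Serialise frames as a libpcap file (link type 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1_200_000_000 + i, 0, len(f), len(f)) + f)
    return b"".join(out)


def parse_pcap(data):
    """Return TCP segments as dicts; non-IPv4 and non-TCP frames are skipped."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:      # same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet link type handled")
    pos, packets = 24, []
    while pos + 16 <= len(data):
        ts_sec, _usec, incl, _orig = struct.unpack(endian + "IIII", data[pos:pos + 16])
        frame = data[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
            continue
        ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
        ip_len = struct.unpack("!H", frame[16:18])[0]
        if frame[23] != PROTO_TCP:
            continue
        tcp = frame[14 + ihl:14 + ip_len]    # trim Ethernet padding, if any
        sport, dport = struct.unpack("!HH", tcp[:4])
        doff = (tcp[12] >> 4) * 4
        packets.append({"ts": ts_sec, "src": socket.inet_ntoa(frame[26:30]),
                        "dst": socket.inet_ntoa(frame[30:34]), "sport": sport,
                        "dport": dport, "payload": tcp[doff:]})
    return packets


def talkers(packets):
    """Step 1: who generated traffic (packets per source address)."""
    return Counter(p["src"] for p in packets)


def http_requests(packets, src_ip):
    """Step 2: HTTP request line, Host header and body for each request from src_ip."""
    found = []
    for p in packets:
        if p["src"] != src_ip or not p["payload"]:
            continue
        text = p["payload"].decode("latin-1")
        first = text.split("\r\n", 1)[0]
        if not re.match(r"(GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]$", first):
            continue
        host = re.search(r"^Host: (\S+)", text, re.M)
        found.append({"ts": p["ts"], "host": host.group(1) if host else None,
                      "request": first, "body": text.split("\r\n\r\n", 1)[-1]})
    return found


def emails_from(packets, src_ip):
    """Step 3: distinct e-mail addresses in (URL-decoded) HTTP bodies sent from src_ip."""
    hits = set()
    for r in http_requests(packets, src_ip):
        hits.update(EMAIL_RE.findall(unquote_plus(r["body"])))
    return sorted(hits)


def sample_capture():
    """CONSTRUCTED capture: two dorm hosts; one submits a web-mail form naming its sender."""
    body = "from=jcoachj%40gmail.com&to=lily.tuckrige%40example.edu&body=placeholder+text"
    post = ("POST /sendmail HTTP/1.1\r\nHost: webmail.example.net\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode()
    get = b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n"
    return build_pcap([
        _frame("192.168.15.4", "203.0.113.10", 51000, 80, get),
        _frame("192.168.15.4", "203.0.113.10", 51001, 80, post),
        _frame("192.168.15.7", "203.0.113.10", 51002, 80, get),
        _frame("203.0.113.10", "192.168.15.4", 80, 51001, b"HTTP/1.1 200 OK\r\n\r\n"),
    ])


if __name__ == "__main__":
    pkts = parse_pcap(sample_capture())
    print("talkers:", talkers(pkts).most_common())
    for r in http_requests(pkts, "192.168.15.4"):
        print(r["ts"], r["host"], r["request"])
    print("addresses from 192.168.15.4:", emails_from(pkts, "192.168.15.4"))
```

Running it on a real capture means replacing `sample_capture()` with the bytes of the pcap file. The example only handles classic libpcap with Ethernet link type and single-segment HTTP requests; a real investigation would also reassemble TCP streams, which is what Wireshark's "Follow TCP Stream" and NetworkMiner's host view do for the analyst.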



