Computer Forensic Analysis of Network Traffic

Samuel A. Mandowen


The purpose of this research is to analyze and report the contents of a network capture file (, which is an archive containing network-based activities monitored and logged in the Nitroba University network using a network forensics tool called Wireshark. The network capture file was downloaded from the file-sharing website/repository of Queensland University of Technology (QUT), Brisbane, Australia. This network capture file contains activities that may violate cyber laws. In addition, the file was extracted to a nitroba.pcap file on a local hard drive before the forensic analysis was carried out. The network reported that there were activities by an individual sending harassing email to Lily Tuckrige. The message contains an IP address in its full headers, and that IP address points to a Nitroba University dorm room. The analysis attempts to reconstruct the structure of the network, identify key players in the network, and determine all activities leading to and occurring during the reported malicious activity. The analysis was carried out mainly using network forensic tools such as Wireshark v1.10.2 and NetworkMiner v1.5. The analysis of the network capture file nitroba.pcap resulted in the recovery of a number of valuable items of evidence. The final computer forensics investigation resulted in three main key findings and six items of supporting evidence from the analysis. Two items of the evidence contain the same message sent to Lily Tuckrige. One HTTP packet indicated the suspect’s email address, namely and six packets contain hostile messages. All the items of evidence traced from IP address and proved that Johnny Coach, one of Lily Tuckrige’s students, was the person who sent the harassing emails.


Keywords: Computer Forensics, Network Traffic.
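
The attribution step the abstract describes, tying HTTP requests that carry a given message to the address of the sending host, is shown here as an added example; it is not the author's procedure, which used Wireshark and NetworkMiner. The capture, addresses, host names and function names are constructed for illustration, and each request is assumed to fit in a single TCP segment.

```python
import re, socket, struct
from collections import defaultdict

def frame(src_mac, src_ip, payload, dst_ip="198.51.100.5"):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return bytes.fromhex("020000000001" + src_mac) + b"\x08\x00" + ip + tcp + payload

def build_pcap(packets):
    """Classic little-endian pcap, link type 1 (Ethernet), built in memory."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, pkt in packets:
        out += struct.pack("<IIII", ts, 0, len(pkt), len(pkt)) + pkt
    return out

def http_requests(pcap):
    """Yield (ts, src_ip, src_mac, request_line, body) per HTTP request segment."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24  # skip the global header
    while off + 16 <= len(pcap):
        ts, _, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        pkt, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # keep IPv4 over Ethernet carrying TCP only
        tcp = 14 + (pkt[14] & 0x0F) * 4               # honour the IP header length
        data = pkt[tcp + (pkt[tcp + 12] >> 4) * 4:]   # honour the TCP data offset
        m = re.match(rb"(GET|POST) \S+ HTTP/1\.[01]\r\n", data)
        if m:
            body = data.partition(b"\r\n\r\n")[2].decode("latin-1")
            yield (ts, socket.inet_ntoa(pkt[26:30]), pkt[6:12].hex(":"),
                   m.group(0).decode().strip(), body)

def hosts_sending(pcap, keyword):
    """Map (src_ip, src_mac) -> [(ts, request_line)] where the body has keyword."""
    hits = defaultdict(list)
    for ts, ip, mac, line, body in http_requests(pcap):
        if keyword.lower() in body.lower():
            hits[(ip, mac)].append((ts, line))
    return dict(hits)

# Constructed sample capture: two hosts, three requests (not data from nitroba.pcap).
POST = b"POST /send HTTP/1.1\r\nHost: mail.example\r\n\r\nto=a%40example.org&msg=constructed+hostile+text"
SAMPLE = build_pcap([
    (1000, frame("0200000000aa", "192.0.2.10", b"GET / HTTP/1.1\r\nHost: mail.example\r\n\r\n")),
    (1005, frame("0200000000bb", "192.0.2.11", b"GET /news HTTP/1.1\r\nHost: news.example\r\n\r\n")),
    (1010, frame("0200000000aa", "192.0.2.10", POST)),
])
```

Calling `hosts_sending(SAMPLE, "hostile")` returns the one source IP and MAC pair whose request body carries the keyword, together with the capture timestamp and request line of each matching packet.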
