Difference between revisions of "Forensic: IT"

From OnnoWiki
Jump to navigation Jump to search
 
(24 intermediate revisions by the same user not shown)
Line 4: Line 4:
 
* [[Tujuan dan Ruang Lingkup]]
 
* [[Tujuan dan Ruang Lingkup]]
 
* [[Hukum dan Etika]]
 
* [[Hukum dan Etika]]
 +
 +
 +
* [[Definition and Basic Concepts (en)]]
 +
* [[Objectives and Scope (en)]]
 +
* [[Law and Ethics (en)]]
 +
  
 
==PERTEMUAN: Proses Akuisisi Data==
 
==PERTEMUAN: Proses Akuisisi Data==
Line 11: Line 17:
 
* [[Dokumentasi dan Chain of Custody]]
 
* [[Dokumentasi dan Chain of Custody]]
  
==PERTEMUAN: Analisis Data==
 
  
* Alat dan Perangkat Lunak:
+
* [[Basic Principles of Acquisition (en)]]
** Jenis-jenis alat forensik (open source, komersial)
+
* [[Acquisition Techniques (en)]]
** Fitur-fitur utama alat forensik
+
* [[Documentation and Chain of Custody (en)]]
 +
 
  
* Teknik Analisis:
 
** File carving
 
** Email analysis
 
** Web history analysis
 
** Registry analysis
 
  
* Analisis Data Jejak:
+
==PERTEMUAN: Analisis Data==
** Artefak digital
 
** Metadata
 
** Timelining
 
  
==PERTEMUAN: Investigasi Sistem Operasi==
+
* [[Tool dan Perangkat Lunak]]
 +
* [[Teknik Analisis]]
 +
* [[Analisis Data Jejak]]
  
* Sistem Operasi Windows:
 
** Struktur file system NTFS
 
** Registry Windows
 
** Event log
 
  
* Sistem Operasi Linux:
+
* [[Tools and Software (en)]]
** Struktur file system ext2/ext3/ext4
+
* [[Analysis Techniques (en)]]
** Journaling
+
* [[Trace Data Analysis (en)]]
** Log file
 
  
* Sistem Operasi Mobile:
 
** Android Forensics
 
** iOS Forensics
 
  
==PERTEMUAN: Investigasi Jaringan==
+
==PERTEMUAN: Investigasi Sistem Operasi==
  
* Konsep Dasar Jaringan:
+
* [[Sistem Operasi Windows]]
** Protokol jaringan
+
* [[Sistem Operasi Linux]]
** Paket data
+
* [[Sistem Operasi Mobile]]
** Analisis traffic jaringan
 
  
* Alat dan Teknik:
 
** Packet capture
 
** Network traffic analysis
 
** DNS analysis
 
  
* Investigasi Intrusi:
+
* [[Windows Operating System (en)]]
** Analisis log server
+
* [[Linux Operating System (en)]]
** Deteksi malware
+
* [[Mobile Operating System (en)]]
** Incident response
 
  
  
==PERTEMUAN: Kasus Studi dan Praktikum==
+
==PERTEMUAN: Investigasi Jaringan==
  
* Studi Kasus:
+
* [[Konsep Dasar Jaringan]]
** Kasus-kasus IT Forensik aktual
+
* [[Tool dan Teknik]]
** Analisis kasus
+
* [[Investigasi Intrusi]]
  
* Praktikum:
 
** Simulasi kasus forensik
 
** Penggunaan alat forensik
 
** Penyusunan laporan forensik
 
  
 +
* [[Basic Network Concepts (en)]]
 +
* [[Tools and Techniques (en)]]
 +
* [[Intrusion Investigation (en)]]
  
  
Line 79: Line 64:
 
* [[Hands-On: Attack Spoofing SMTP Server & WebMail]]
 
* [[Hands-On: Attack Spoofing SMTP Server & WebMail]]
 
* [[Mitigasi eMail attack: GnuPG]]
 
* [[Mitigasi eMail attack: GnuPG]]
 +
 +
 +
* [[SMTP, POP3, IMAP Protocols (en)]]
 +
* [[Hands-On: Spoofing Attack on SMTP Server & WebMail (en)]]
 +
* [[Mitigating eMail Attacks: GnuPG (en)]]
  
 
==PERTEMUAN: Forensic SQL Injection Attack==
 
==PERTEMUAN: Forensic SQL Injection Attack==
Line 87: Line 77:
 
* [[Mitigasi: SQL Injection]]
 
* [[Mitigasi: SQL Injection]]
 
* [[Mitigasi: Snort IPS]]
 
* [[Mitigasi: Snort IPS]]
 +
 +
 +
* [[SQL Overview (en)]]
 +
* [[MySQL (en)]]
 +
* [[SQL Injection Attack (en)]]
 +
* [[Hands-On: Attack SQL Injection (en)]]
 +
* [[Mitigation: SQL Injection (en)]]
 +
* [[Mitigation: Snort IPS (en)]]
 +
  
 
==PERTEMUAN: Forensic Command Injection Attack==
 
==PERTEMUAN: Forensic Command Injection Attack==
Line 94: Line 93:
 
* [[Forensic Command Injection Attack]]
 
* [[Forensic Command Injection Attack]]
 
* [[Mitigasi Command Injection Attack]]
 
* [[Mitigasi Command Injection Attack]]
 +
 +
 +
* [[Command Line on a Linux Server (en)]]
 +
* [[Hands-on Command Injection Attack (en)]]
 +
* [[Forensic Command Injection Attack (en)]]
 +
* [[Mitigation of Command Injection Attack (en)]]
 +
  
 
==PERTEMUAN: Forensic Backdoor via Command Injection Attack==
 
==PERTEMUAN: Forensic Backdoor via Command Injection Attack==
Line 101: Line 107:
 
* [[Hands-on mkfifo attack backdoor di DVWA via Command Injection]]
 
* [[Hands-on mkfifo attack backdoor di DVWA via Command Injection]]
 
* [[Forensic backdoor di Ubuntu]]
 
* [[Forensic backdoor di Ubuntu]]
 +
* [[Grep: Scanning Backdoor]]
 
* [[Mitigasi backdoor di Ubuntu]]
 
* [[Mitigasi backdoor di Ubuntu]]
 +
 +
 +
* [[TCP port communication via nc (en)]] 
 +
* [[mkfifo: how it works (en)]]
 +
* [[Hands-on mkfifo attack backdoor in DVWA via Command Injection (en)]] 
 +
* [[Forensic backdoor in Ubuntu (en)]]
 +
* [[Grep: Scanning for backdoor (en)]]
 +
* [[Mitigation of backdoor in Ubuntu (en)]]
  
 
==PERTEMUAN: Forensic File System Linux==
 
==PERTEMUAN: Forensic File System Linux==
Line 108: Line 123:
 
* [[Hands-on File Forensic menggunakan dd, ntfsundelete, ext3undelete, dan extundelete]]
 
* [[Hands-on File Forensic menggunakan dd, ntfsundelete, ext3undelete, dan extundelete]]
 
* [[Mitigasi agar file dan file system aman]]
 
* [[Mitigasi agar file dan file system aman]]
 +
 +
 +
* [[Overview of dd, ntfsundelete, ext3undelete, and extundelete (en)]]
 +
* [[Hands-on File Forensics using dd, ntfsundelete, ext3undelete, and extundelete (en)]]
 +
* [[Mitigation to secure files and file systems (en)]]
  
  
Line 117: Line 137:
 
* [[Hands-on Forensic Android menggunakan ADB]]
 
* [[Hands-on Forensic Android menggunakan ADB]]
 
* [[Hands-on Forensic Android menggunakan ADB untuk analisa SMS, panggilan, kontak, Whatsapp, Data Lokasi]]
 
* [[Hands-on Forensic Android menggunakan ADB untuk analisa SMS, panggilan, kontak, Whatsapp, Data Lokasi]]
 +
 +
 +
* [[Characteristics of Mobile Devices: Mobile Operating Systems, Third-Party Applications, Cloud Storage (en)]]
 +
* [[Acquisition Techniques: Physical Extraction vs. Logical Extraction (en)]]
 +
* [[Android Rooting Techniques if Necessary (en)]]
 +
* [[Hands-on Android Forensics using ADB (en)]]
 +
* [[Hands-on Android Forensics using ADB for analyzing SMS, calls, contacts, WhatsApp, Location Data (en)]]
 +
  
 
==PERTEMUAN: Misc Attack & Forensic==
 
==PERTEMUAN: Misc Attack & Forensic==
TEORI: Penggunaan Metasploitable
 
Penggunaan SQLMap untuk SQL Injection
 
Penggunaan nmap untuk payload attack
 
Log yang relevan dengan payload attack
 
DEMO: Misc. Attack & Forensic
 
FORENSIC:
 
nmap --script smb-enum-users.nse -p445 <host>
 
sudo nmap -sU -sS --script smb-enum-users.nse -p U:137,T:139 <host>
 
nmap --script=mysql-brute <target>
 
Nmap  -sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt --script-trace  192.168.0.100
 
Nmap  -sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt,passdb=/root/pass.txt --script-trace 192.168.0.100
 
msfconsole use auxiliary/scanner/smb/smb_login
 
msfconsole use auxiliary/scanner/smb/smb_enumshares
 
msfvenom
 
MITIGATION:
 
Firewall
 
Access Control List
 
PAM
 
  
 +
* [[Berbagai latihan serangan dan forensic pada Metasploitable]]
 +
* [[Forensic: nmap smb-enum-users.nse attack]]
 +
* [[Forensic: nmap mysql-brute.nse attack]]
 +
* [[Forensic: nmap ssh2-enum-algos attack]]
 +
* [[Forensic: msfconsole use auxiliary/scanner/smb/smb_login attack]]
 +
* [[Forensic: msfconsole use auxiliary/scanner/smb/smb_enumshares attack]]
 +
* [[Forensic: msfvenom attack]]
 +
 +
 +
* [[Example of attackes dan forensic using Metasploitable (en)]]
 +
* [[Forensic: nmap smb-enum-users.nse attack (en)]]
 +
* [[Forensic: nmap mysql-brute.nse attack (en)]]
 +
* [[Forensic: nmap ssh2-enum-algos attack (en)]]
 +
* [[Forensic: msfconsole use auxiliary/scanner/smb/smb_login attack (en)]]
 +
* [[Forensic: msfconsole use auxiliary/scanner/smb/smb_enumshares attack (en)]]
 +
* [[Forenisc: msfvenom attack (en) ]]
  
 
==PERTEMUAN: Laporan Forensic==
 
==PERTEMUAN: Laporan Forensic==
Line 143: Line 169:
 
* [[Laporan Forensic: Outline]]
 
* [[Laporan Forensic: Outline]]
 
* [[Laporan Forensic: Prosedur Pemeriksaan]]
 
* [[Laporan Forensic: Prosedur Pemeriksaan]]
 +
* [[Laporan Forensic: Hasil Temuan]]
 +
 +
 +
* [[Forensic Report: Outline (en)]]
 +
* [[Forensic Report: Examination Procedures (en)]]
 +
* [[Forensic Report: Findings (en)]]

Latest revision as of 09:14, 29 October 2024

PERTEMUAN: Pengenalan IT Forensik



PERTEMUAN: Proses Akuisisi Data



PERTEMUAN: Analisis Data



PERTEMUAN: Investigasi Sistem Operasi



PERTEMUAN: Investigasi Jaringan



PERTEMUAN: Forensic eMail


PERTEMUAN: Forensic SQL Injection Attack



PERTEMUAN: Forensic Command Injection Attack



PERTEMUAN: Forensic Backdoor via Command Injection Attack


PERTEMUAN: Forensic File System Linux



PERTEMUAN: Investigasi Perangkat Mobile



PERTEMUAN: Misc Attack & Forensic


PERTEMUAN: Laporan Forensic