Difference between revisions of "Forensic: IT"

From OnnoWiki

==SESSION: Introduction to IT Forensics==

* [[Tujuan dan Ruang Lingkup]]
* [[Hukum dan Etika]]
* [[Definition and Basic Concepts (en)]]
* [[Objectives and Scope (en)]]
* [[Law and Ethics (en)]]
 
==SESSION: Data Acquisition Process==
 
* [[Teknik Akuisisi]]
* [[Dokumentasi dan Chain of Custody]]
* [[Basic Principles of Acquisition (en)]]
* [[Acquisition Techniques (en)]]
* [[Documentation and Chain of Custody (en)]]
 
==SESSION: Data Analysis==
 
* [[Teknik Analisis]]
* [[Analisis Data Jejak]]
* [[Tools and Software (en)]]
* [[Analysis Techniques (en)]]
* [[Trace Data Analysis (en)]]
 
==SESSION: Operating System Investigation==
 
* [[Sistem Operasi Linux]]
* [[Sistem Operasi Mobile]]
* [[Windows Operating System (en)]]
* [[Linux Operating System (en)]]
* [[Mobile Operating System (en)]]
 
==SESSION: Network Investigation==
 
* [[Tool dan Teknik]]
* [[Investigasi Intrusi]]
* [[Basic Network Concepts (en)]]
* [[Tools and Techniques (en)]]
* [[Intrusion Investigation (en)]]
 
==SESSION: Forensic eMail==
 
* [[Hands-On: Attack Spoofing SMTP Server & WebMail]]
* [[Mitigasi eMail attack: GnuPG]]
* [[SMTP, POP3, IMAP Protocols (en)]]
* [[Hands-On: Spoofing Attack on SMTP Server & WebMail (en)]]
* [[Mitigating eMail Attacks: GnuPG (en)]]
 
==SESSION: Forensic SQL Injection Attack==
 
* [[Mitigasi: SQL Injection]]
* [[Mitigasi: Snort IPS]]
* [[SQL Overview (en)]]
* [[MySQL (en)]]
* [[SQL Injection Attack (en)]]
* [[Hands-On: Attack SQL Injection (en)]]
* [[Mitigation: SQL Injection (en)]]
* [[Mitigation: Snort IPS (en)]]
 
==SESSION: Forensic Command Injection Attack==
 
* [[Forensic Command Injection Attack]]
* [[Mitigasi Command Injection Attack]]
* [[Command Line on a Linux Server (en)]]
* [[Hands-on Command Injection Attack (en)]]
* [[Forensic Command Injection Attack (en)]]
* [[Mitigation of Command Injection Attack (en)]]
 
==SESSION: Forensic Backdoor via Command Injection Attack==
 
* [[Hands-on mkfifo attack backdoor di DVWA via Command Injection]]
* [[Forensic backdoor di Ubuntu]]
* [[Grep: Scanning Backdoor]]
* [[Mitigasi backdoor di Ubuntu]]
* [[TCP port communication via nc (en)]]
* [[mkfifo: how it works (en)]]
* [[Hands-on mkfifo attack backdoor in DVWA via Command Injection (en)]]
* [[Forensic backdoor in Ubuntu (en)]]
* [[Grep: Scanning for backdoor (en)]]
* [[Mitigation of backdoor in Ubuntu (en)]]
 
==SESSION: Forensic File System Linux==
 
* [[Hands-on File Forensic menggunakan dd, ntfsundelete, ext3undelete, dan extundelete]]
* [[Mitigasi agar file dan file system aman]]
* [[Overview of dd, ntfsundelete, ext3undelete, and extundelete (en)]]
* [[Hands-on File Forensics using dd, ntfsundelete, ext3undelete, and extundelete (en)]]
* [[Mitigation to secure files and file systems (en)]]
  
  
==SESSION: Mobile Device Investigation==

* [[Hands-on Forensic Android menggunakan ADB]]
* [[Hands-on Forensic Android menggunakan ADB untuk analisa SMS, panggilan, kontak, Whatsapp, Data Lokasi]]
* [[Characteristics of Mobile Devices: Mobile Operating Systems, Third-Party Applications, Cloud Storage (en)]]
* [[Acquisition Techniques: Physical Extraction vs. Logical Extraction (en)]]
* [[Android Rooting Techniques if Necessary (en)]]
* [[Hands-on Android Forensics using ADB (en)]]
* [[Hands-on Android Forensics using ADB for analyzing SMS, calls, contacts, WhatsApp, Location Data (en)]]
 
==SESSION: Misc Attack & Forensic==

THEORY: Using Metasploitable

Using SQLMap for SQL Injection

Using nmap for payload attacks

Logs relevant to payload attacks

DEMO: Misc. Attack & Forensic

FORENSIC:

nmap --script smb-enum-users.nse -p445 <host>

sudo nmap -sU -sS --script smb-enum-users.nse -p U:137,T:139 <host>

nmap --script=mysql-brute <target>

nmap -sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt --script-trace 192.168.0.100

nmap -sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt,passdb=/root/pass.txt --script-trace 192.168.0.100

msfconsole use auxiliary/scanner/smb/smb_login

msfconsole use auxiliary/scanner/smb/smb_enumshares

msfvenom

MITIGATION:

Firewall

Access Control List

PAM
 
  
* [[Berbagai latihan serangan dan forensic pada Metasploitable]]
* [[Forensic: nmap smb-enum-users.nse attack]]
* [[Forensic: nmap mysql-brute.nse attack]]
* [[Forensic: nmap ssh2-enum-algos attack]]
* [[Forensic: msfconsole use auxiliary/scanner/smb/smb_login attack]]
* [[Forensic: msfconsole use auxiliary/scanner/smb/smb_enumshares attack]]
* [[Forensic: msfvenom attack]]
* [[Example of attackes dan forensic using Metasploitable (en)]]
* [[Forensic: nmap smb-enum-users.nse attack (en)]]
* [[Forensic: nmap mysql-brute.nse attack (en)]]
* [[Forensic: nmap ssh2-enum-algos attack (en)]]
* [[Forensic: msfconsole use auxiliary/scanner/smb/smb_login attack (en)]]
* [[Forensic: msfconsole use auxiliary/scanner/smb/smb_enumshares attack (en)]]
* [[Forenisc: msfvenom attack (en)]]
 
==SESSION: Forensic Report==
 
* [[Laporan Forensic: Prosedur Pemeriksaan]]
* [[Laporan Forensic: Hasil Temuan]]
* [[Forensic Report: Outline (en)]]
* [[Forensic Report: Examination Procedures (en)]]
* [[Forensic Report: Findings (en)]]

Latest revision as of 09:14, 29 October 2024
