Difference between revisions of "Forensic: IT"
Edit by Onnowpurbo (talk | contribs), at Line 19 of the section ==PERTEMUAN: Investigasi Sistem Operasi== (Session: Operating System Investigation). The three top-level list items were changed from plain text into wiki links; the sub-items under each are unchanged:
- * Sistem Operasi Windows  →  * [[Sistem Operasi Windows]]
  (sub-items: ** Struktur file system NTFS, ** Registry Windows, ** Event log)
- * Sistem Operasi Linux  →  * [[Sistem Operasi Linux]]
  (sub-items: ** Struktur file system ext2/ext3/ext4, ** Journaling, ** Log file)
- * Sistem Operasi Mobile  →  * [[Sistem Operasi Mobile]]
  (sub-items: ** Android Forensics, ** iOS Forensics)
Revision as of 12:39, 14 October 2024
SESSION: Introduction to IT Forensics
SESSION: Data Acquisition Process
SESSION: Data Analysis
SESSION: Operating System Investigation
- Windows Operating System
  - NTFS file system structure
  - Windows Registry
  - Event log
- Linux Operating System
  - ext2/ext3/ext4 file system structure
  - Journaling
  - Log files
- Mobile Operating Systems
  - Android Forensics
  - iOS Forensics
SESSION: Network Investigation
- Basic Networking Concepts:
  - Network protocols
  - Data packets
  - Network traffic analysis
- Tools and Techniques:
  - Packet capture
  - Network traffic analysis
  - DNS analysis
- Intrusion Investigation:
  - Server log analysis
  - Malware detection
  - Incident response
SESSION: Case Studies and Practical Work
- Case Studies:
  - Actual IT forensics cases
  - Case analysis
- Practical Work:
  - Forensic case simulation
  - Use of forensic tools
  - Writing a forensic report
SESSION: Email Forensics
- Protocols: SMTP, POP3, IMAP
- Hands-On: SMTP server & webmail spoofing attack
- Email attack mitigation: GnuPG
SESSION: SQL Injection Attack Forensics
- SQL overview
- MySQL
- SQL injection attack
- Hands-On: SQL injection attack
- Mitigation: SQL injection
- Mitigation: Snort IPS
SESSION: Command Injection Attack Forensics
- Command line on a Linux server
- Hands-on: command injection attack
- Command injection attack forensics
- Command injection attack mitigation
SESSION: Forensics of a Backdoor via Command Injection Attack
- TCP port communication via nc
- mkfifo: how it works
- Hands-on: mkfifo backdoor attack on DVWA via command injection
- Backdoor forensics on Ubuntu
- Backdoor mitigation on Ubuntu
SESSION: Linux File System Forensics
- Overview of dd, ntfsundelete, ext3undelete and extundelete
- Hands-on: file forensics using dd, ntfsundelete, ext3undelete, and extundelete
- Mitigation to keep files and the file system safe
SESSION: Mobile Device Investigation
- Characteristics of mobile devices: mobile operating systems, third-party applications, cloud storage
- Acquisition techniques: physical extraction vs. logical extraction
- Android rooting techniques, if required
- Hands-on: Android forensics using ADB
- Hands-on: Android forensics using ADB to analyse SMS, calls, contacts, WhatsApp, location data
SESSION: Misc. Attacks & Forensics
THEORY:
- Using Metasploitable
- Using SQLMap for SQL injection
- Using nmap for payload attacks
- Logs relevant to payload attacks
DEMO: Misc. Attacks & Forensics
FORENSIC:
- nmap --script smb-enum-users.nse -p445 <host>
- sudo nmap -sU -sS --script smb-enum-users.nse -p U:137,T:139 <host>
- nmap --script=mysql-brute <target>
- nmap -sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt --script-trace 192.168.0.100
- nmap -sT -p3306 --script mysql-brute.nse --script-args userdb=/root/user.txt,passdb=/root/pass.txt --script-trace 192.168.0.100
- msfconsole: use auxiliary/scanner/smb/smb_login
- msfconsole: use auxiliary/scanner/smb/smb_enumshares
- msfvenom
MITIGATION:
- Firewall
- Access Control List
- PAM