Detection of Metasploit Attacks Using RAM Forensic on Proprietary Operating Systems

Danar Cahyo Prakoso, Imam Riadi, Yudi Prayudi

Abstract

Information technology has become essential in the digital era. Supported by computer networks, it serves as a medium for exchanging data and information, much of which is confidential, so security is equally essential. Metasploit is a framework commonly used by penetration testers to audit or test the security of a computer system legally, but the same framework can also be used for crime, and a digital forensic process is then needed to uncover it. In this study, an attack on Windows 10 is simulated with Metasploit, and the digital forensic process then applies live forensics techniques to the computer's RAM, which holds information about the processes running on the machine. The live forensic technique matters because the information in RAM is lost once the computer is switched off. The research uses FTK Imager, DumpIt and Magnet RAM Capture as RAM acquisition tools and Volatility as the analysis tool. The results show that live forensics on RAM can obtain digital evidence in the form of the attacker's IP address, evidence of the exploit/Trojan, the processes running in RAM, the operating system profile in use, and the location of the exploit/Trojan when it was executed by the victim.
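The analysis step the abstract describes (tying the attacker's IP, the running process and the on-disk location of the exploit together from a RAM image) is, in practice, a correlation of three Volatility plugin outputs. The script below is an added example and not code from the paper or from the Volatility project; it assumes Volatility 3's default tab-separated renderer for the windows.pslist, windows.cmdline and windows.netscan plugins, and the three sample tables it parses are constructed lab data (192.168.56.1 stands in for the attacker host), not real case output. It flags an ESTABLISHED connection whose owning process runs from a user-writable directory, targets TCP 4444 (Metasploit's default LPORT), or has no matching pslist entry.

```python
"""Correlate Volatility output to spot a Metasploit-style implant in a RAM image.

Added example (not the paper's code). It assumes the default tab-separated
renderer of Volatility 3 for windows.pslist, windows.cmdline and
windows.netscan; the three sample tables below are constructed lab data.
"""
from typing import Dict, List

# Constructed windows.pslist output (columns reduced to the ones used here).
PSLIST = """\
PID\tPPID\tImageFileName\tThreads\tCreateTime
4\t0\tSystem\t120\t2020-05-01 08:00:00
1200\t800\texplorer.exe\t40\t2020-05-01 08:01:10
3412\t1200\tchrome.exe\t30\t2020-05-01 08:02:00
4520\t1200\tupdate.exe\t5\t2020-05-01 08:15:42
"""

# Constructed windows.cmdline output: where each image was launched from.
CMDLINE = """\
PID\tProcess\tArgs
3412\tchrome.exe\t"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
4520\tupdate.exe\t"C:\\Users\\victim\\Downloads\\update.exe"
"""

# Constructed windows.netscan output: 192.168.56.1 plays the attacker host.
NETSCAN = """\
Offset\tProto\tLocalAddr\tLocalPort\tForeignAddr\tForeignPort\tState\tPID\tOwner\tCreated
0xa1\tTCPv4\t192.168.56.101\t49712\t142.250.74.4\t443\tESTABLISHED\t3412\tchrome.exe\t2020-05-01 08:02:05
0xa2\tTCPv4\t192.168.56.101\t49720\t192.168.56.1\t4444\tESTABLISHED\t4520\tupdate.exe\t2020-05-01 08:15:43
0xa3\tTCPv4\t0.0.0.0\t135\t0.0.0.0\t0\tLISTENING\t900\tsvchost.exe\t2020-05-01 08:00:02
"""

# Directories an unprivileged user can write to, where dropped payloads usually land.
USER_WRITABLE_MARKERS = ("\\downloads\\", "\\desktop\\", "\\appdata\\",
                         "\\temp\\", "\\users\\public\\")
METASPLOIT_DEFAULT_LPORT = "4444"


def parse_table(text: str) -> List[Dict[str, str]]:
    """Turn tab-separated plugin output (header row first) into a list of dicts."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split("\t")
    return [dict(zip(header, ln.split("\t"))) for ln in lines[1:]]


def image_path(args: str) -> str:
    """Executable path from a command line, honouring a quoted first token."""
    args = args.strip()
    if args.startswith('"'):
        end = args.find('"', 1)
        return args[1:end] if end > 0 else args[1:]
    return args.split(" ", 1)[0]


def is_user_writable(path: str) -> bool:
    """True when the image sits in a directory a normal user can write to."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def find_suspicious(pslist_out: str, cmdline_out: str, netscan_out: str) -> List[dict]:
    """Return one finding per ESTABLISHED connection that carries an indicator."""
    procs = {row["PID"]: row for row in parse_table(pslist_out)}
    paths = {row["PID"]: image_path(row["Args"]) for row in parse_table(cmdline_out)}
    findings = []
    for conn in parse_table(netscan_out):
        if conn["State"] != "ESTABLISHED":
            continue
        pid = conn["PID"]
        path = paths.get(pid, "")
        reasons = []
        if is_user_writable(path):
            reasons.append("image in user-writable path")
        if conn["ForeignPort"] == METASPLOIT_DEFAULT_LPORT:
            reasons.append("remote port 4444 (Metasploit default LPORT)")
        if pid not in procs:
            reasons.append("owner PID absent from pslist (hidden or exited)")
        if reasons:
            findings.append({
                "pid": int(pid),
                "process": procs.get(pid, {}).get("ImageFileName", conn["Owner"]),
                "image_path": path,
                "remote": f"{conn['ForeignAddr']}:{conn['ForeignPort']}",
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for hit in find_suspicious(PSLIST, CMDLINE, NETSCAN):
        print(f"PID {hit['pid']} {hit['process']} <{hit['image_path']}> -> "
              f"{hit['remote']}: {'; '.join(hit['reasons'])}")
```

Run against real output by saving each plugin's result to a file and passing the file contents in place of the constants; port 4444 is only a weak indicator because an attacker can set any LPORT, which is why the path and pslist checks are kept independent of it.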

Keywords

Digital Forensics, RAM Forensics, Live Forensics, Metasploit, Digital Evidence


Kinetik : Game Technology, Information System, Computer Network, Computing, Electronics, and Control by http://kinetik.umm.ac.id is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.