Detection of Metasploit Attacks Using RAM Forensic on Proprietary Operating Systems
Abstract views: 138

Detection of Metasploit Attacks Using RAM Forensic on Proprietary Operating Systems

Danar Cahyo Prakoso, Imam Riadi, Yudi Prayudi

Abstract

Information technology has become an essential thing in the digital era as it is today. With the support of computer networks, information technology is used as a medium for exchanging data and information. Much information is confidential. Therefore, security is also essential. Metasploit is one of the frameworks commonly used by penetration testers to audit or test the security of a computer system legally, but it does not rule out the possibility that Metasploit can also be used for crime. For this reason, it is necessary to carry out a digital forensic process to uncover these crimes. In this study, a simulation of attacks on Windows 10 will be carried out with Metasploit. Then the digital forensics process uses live forensics techniques on computer RAM, where the computer RAM contains information about the processes running on the computer. The live forensic technique is important because information on RAM will be lost if the computer is off. This research will use FTK Imager, Dumpit, and Magnet RAM Capture as the RAM acquisition tool and Volatility as the analysis tool. The results of the research have successfully shown that the live forensics technique in RAM is able to obtain digital evidence in the form of an attacker's IP, evidence of exploits/Trojans, processes running on RAM, operating system profiles used and the location of the exploits/Trojan when executed by the victim.

Keywords

Digital Forensics, RAM Forensics, Live Forensics, Metasploit, Digital Evidence

Full Text:

PDF

References

[1] N. Anwar and I. Riadi, “Analisis Investigasi Forensik WhatsApp Messanger Smartphone Terhadap WhatsApp Berbasis Web,” Jurnal Ilmiah Teknik Elektro Komputer dan Informatika, Vol. 3, No. 1, Pp. 1–10, 2017.

[2] D. A. Arifah, “Kasus Cybercrime Di Indonesia,” Jurnal Bisnis dan Ekonomi, Vol. 18, No. 2, Pp. 185–195, 2011.

[3] H. Gupta and R. Kumar, “Protection against penetration attacks using Metasploit,” 2015 4th International Conference on Reliability, Infocom Technologies and Optimization: Trends and Future Directions, ICRITO 2015, Pp. 2–5, 2015. https://doi.org/10.1109/ICRITO.2015.7359226

[4] U. Timalsina and K. Gurung, “Metasploit Framework with Kali Linux,” No. April 2015, Pp. 0–8, 2017.

[5] I. Riadi and M. E. Rauli, “Live forensics analysis of line app on proprietary operating system,” Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control. 4(4)., Vol. 4, No. 3, 2019. https://doi.org/10.22219/kinetik.v4i4.850

[6] I. Riadi and E. Rauli, “Identifikasi Bukti Digital WhatsApp pada Sistem Operasi Proprietary Menggunakan Live Forensics,” Jurnal Teknik Elektro, Vol. 10, No. 1, Pp. 18–22, 2018. https://doi.org/10.15294/jte.v10i1.14070

[7] Ruhwan, I. Riadi, and Y. Prayudi, “Evaluation of Integrated Digital Forensics Investigation Framework for the Investigation of Smartphones Using Soft System Methodology Evaluation of Integrated Digital Forensics Investigation Framework for the Investigation of Smartphones Using Soft System,” International Journal of Electrical and Computer Engineering (IJECE), No. October, Pp. 2806–2817, 2017. http://doi.org/10.11591/ijece.v7i5.pp2806-2817

[8] I. Riadi, A. Yudhana, M. Caesar, and F. Putra, “Forensic Tool Comparison on Instagram Digital Evidence Based on Android with The NIST Method Forensic Tool Comparison on Instagram Digital Evidence Based on Android with The NIST Method,” Scientific Journal of Informatics, No. November, 2018. https://doi.org/10.15294/sji.v5i2.16545

[9] M. N. Faiz and W. A. Prabowo, “Comparison of Acquisition Software for Digital Forensics Purposes,” Kinetik, Vol. 4, No. 1, Febr. 2019, Vol. 4, No. 1, Pp. 37–44, 2019. https://doi.org/10.22219/kinetik.v4i1.687

[10] G. M. Zamroni and I. Riadi, “Instant Messaging Forensic Tools Comparison on Android Operating System,” Kinetik, Vol. 4, No. 2, Pp. 137–148, 2019. https://doi.org/10.22219/kinetik.v4i2.735

[11] H. K. Mann and Gurpal Singh Chhabra, “Volatile Memory Forensics : A Legal Perspective,” International Journal of Computer Applications, Vol. 155, No. 3, Pp. 11–15, 2016. http://doi.org/10.5120/ijca2016912276

[12] R. Dave, N. R. Mistry, and M. S. Dahiya, “Volatile Memory Based Forensic Artifacts & Analysis Volatile Memory Based Forensic Artifacts & Analysis,” International Journal for Research in Applied Science Engineering Technology, 2014.

[13] A. Kurniawan and Y. Prayudi, “Teknik Live Forensics Pada Aktivitas Zeus Malware Untuk Mendukung Investigasi Malware Forensics,” HADFEX (Hacking Digit. Forensics Exposed), No. June 2014, Pp. 1–5, 2014.

[14] W. Pranoto, I. Riadi, and Y. Prayudi, “Live forensics method for acquisition on the Solid State Drive ( SSD ) NVMe TRIM function,” Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, 2020. https://doi.org/10.22219/kinetik.v0i0.1032

[15] D. Sudyana and N. Lizarti, “Digital Evidence Acquisition System on IAAS Cloud Computing Model using Live Forensic Method,” Scientific Journal of Informatics, Vol. 6, No. 1, Pp. 125–137, 2019. https://doi.org/10.15294/sji.v6i1.18424

[16] M. Kaur, N. Kaur, and S. Khurana, “A Literature Review on Cyber Forensic and its Analysis tools,” International Journal of Advanced Research Computer and Communication Engineering, Vol. 5, No. 1, Pp. 23–28, 2016.

[17] F. Bahtiar, N. Widiyasono, and A. P. Aldya, “Memory Volatile Forensik Untuk Deteksi Malware Menggunakan Algoritma Machine Learning,” Jurnal Teknik Informatika dan Sistem Informasi, Vol. 4, Pp. 242–253, 2018. http://dx.doi.org/10.28932/jutisi.v4i2.776

[18] D. S. Yudhistira, I. Riadi, and Y. Prayudi, “Live Forensics Analysis Method For Random Access Memory On Laptop Devices,” International Journal of Computer Science and Information Security, No. May, 2018.

[19] K. Hausknecht, D. Foit, and J. Burić, “RAM data significance in digital forensics,” 2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics, MIPRO - Proceedings, No. May, Pp. 1372–1375, 2015. https://doi.org/10.1109/MIPRO.2015.7160488

[20] T. Rochmadi, I. Riadi, and Y. Prayudi, “Live Forensics for Anti-Forensics Analysis on Private Portable Web Browser,” International Journal of Computer Aplications (IJCA), Vol. 164, No. 8, Pp. 31–37, 2017. https://doi.org/10.5120/ijca2017913717

[21] S. Thomas, K. K. Sherly, and S. Dija, “Extraction of memory forensic artifacts from windows 7 RAM image,” 22013 IEEE Conference on Information and Communication Technologies, 2013, No. Ict, Pp. 937–942, 2013. https://doi.org/10.1109/CICT.2013.6558230

[22] R. Thantilage and N. Jeyamohan, “A volatile memory analysis tool for retrieval of social media evidence in windows 10 OS based workstations,” 2017 National Information Technology Conference (NITC), Pp. 86–88, 2017. https://doi.org/10.1109/NITC.2017.8285664

[23] A. Podile, K. Gottumukkala, and K. Sastry Pendyala, “Digital Forensic Analysis Of Malware Infected Machine-Case Study,” International Journal of Scientific & Technology Research, Vol. 4, No. 09, 2015.

[24] K. Wadner, “An Analysis of Meterpreter during Post-Exploitation,” 2014.

[25] R. Kaur and A. Kaur, “Digital Forensics,” International Journal of Computer Applications, Vol. 50, No. 5, Pp. 5–9, 2012. https://doi.org/10.5120/7765-0844

Refbacks

  • There are currently no refbacks.

Indexed by: 

    

Referencing Software:

Checked by:

Supervised by:

Statistic:

View My Stats


Creative Commons License Kinetik : Game Technology, Information System, Computer Network, Computing, Electronics, and Control by http://kinetik.umm.ac.id is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.