Issue

Vol. 5, No. 2, May 2020

Detection of Metasploit Attacks Using RAM Forensic on Proprietary Operating Systems

https://doi.org/10.22219/kinetik.v5i2.1037
Danar Cahyo Prakoso
Universitas Islam Indonesia
Imam Riadi
Universitas Ahmad Dahlan
Yudi Prayudi
Universitas Islam Indonesia

Corresponding Author(s) : Danar Cahyo Prakoso

danarcahyop@gmail.com

Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, Vol. 5, No. 2, May 2020

Abstract

Information technology has become an essential thing in the digital era as it is today. With the support of computer networks, information technology is used as a medium for exchanging data and information. Much information is confidential. Therefore, security is also essential. Metasploit is one of the frameworks commonly used by penetration testers to audit or test the security of a computer system legally, but it does not rule out the possibility that Metasploit can also be used for crime. For this reason, it is necessary to carry out a digital forensic process to uncover these crimes. In this study, a simulation of attacks on Windows 10 will be carried out with Metasploit. Then the digital forensics process uses live forensics techniques on computer RAM, where the computer RAM contains information about the processes running on the computer. The live forensic technique is important because information on RAM will be lost if the computer is off. This research will use FTK Imager, Dumpit, and Magnet RAM Capture as the RAM acquisition tool and Volatility as the analysis tool. The results of the research have successfully shown that the live forensics technique in RAM is able to obtain digital evidence in the form of an attacker's IP, evidence of exploits/Trojans, processes running on RAM, operating system profiles used and the location of the exploits/Trojan when executed by the victim.

Keywords

Digital Forensics RAM Forensics Live Forensics Metasploit Digital Evidence
Prakoso, D. C., Riadi, I., & Prayudi, Y. (2020). Detection of Metasploit Attacks Using RAM Forensic on Proprietary Operating Systems. Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, 5(2), 155-160. https://doi.org/10.22219/kinetik.v5i2.1037
Download Citation
Endnote/Zotero/Mendeley (RIS)
BibTeX
References
  1. N. Anwar and I. Riadi, “Analisis Investigasi Forensik WhatsApp Messanger Smartphone Terhadap WhatsApp Berbasis Web,” Jurnal Ilmiah Teknik Elektro Komputer dan Informatika, Vol. 3, No. 1, Pp. 1–10, 2017.
  2. D. A. Arifah, “Kasus Cybercrime Di Indonesia,” Jurnal Bisnis dan Ekonomi, Vol. 18, No. 2, Pp. 185–195, 2011.
  3. H. Gupta and R. Kumar, “Protection against penetration attacks using Metasploit,” 2015 4th International Conference on Reliability, Infocom Technologies and Optimization: Trends and Future Directions, ICRITO 2015, Pp. 2–5, 2015. https://doi.org/10.1109/ICRITO.2015.7359226
  4. U. Timalsina and K. Gurung, “Metasploit Framework with Kali Linux,” No. April 2015, Pp. 0–8, 2017.
  5. I. Riadi and M. E. Rauli, “Live forensics analysis of line app on proprietary operating system,” Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control. 4(4)., Vol. 4, No. 3, 2019. https://doi.org/10.22219/kinetik.v4i4.850
  6. I. Riadi and E. Rauli, “Identifikasi Bukti Digital WhatsApp pada Sistem Operasi Proprietary Menggunakan Live Forensics,” Jurnal Teknik Elektro, Vol. 10, No. 1, Pp. 18–22, 2018. https://doi.org/10.15294/jte.v10i1.14070
  7. Ruhwan, I. Riadi, and Y. Prayudi, “Evaluation of Integrated Digital Forensics Investigation Framework for the Investigation of Smartphones Using Soft System Methodology Evaluation of Integrated Digital Forensics Investigation Framework for the Investigation of Smartphones Using Soft System,” International Journal of Electrical and Computer Engineering (IJECE), No. October, Pp. 2806–2817, 2017. http://doi.org/10.11591/ijece.v7i5.pp2806-2817
  8. I. Riadi, A. Yudhana, M. Caesar, and F. Putra, “Forensic Tool Comparison on Instagram Digital Evidence Based on Android with The NIST Method Forensic Tool Comparison on Instagram Digital Evidence Based on Android with The NIST Method,” Scientific Journal of Informatics, No. November, 2018. https://doi.org/10.15294/sji.v5i2.16545
  9. M. N. Faiz and W. A. Prabowo, “Comparison of Acquisition Software for Digital Forensics Purposes,” Kinetik, Vol. 4, No. 1, Febr. 2019, Vol. 4, No. 1, Pp. 37–44, 2019. https://doi.org/10.22219/kinetik.v4i1.687
  10. G. M. Zamroni and I. Riadi, “Instant Messaging Forensic Tools Comparison on Android Operating System,” Kinetik, Vol. 4, No. 2, Pp. 137–148, 2019. https://doi.org/10.22219/kinetik.v4i2.735
  11. H. K. Mann and Gurpal Singh Chhabra, “Volatile Memory Forensics : A Legal Perspective,” International Journal of Computer Applications, Vol. 155, No. 3, Pp. 11–15, 2016. http://doi.org/10.5120/ijca2016912276
  12. R. Dave, N. R. Mistry, and M. S. Dahiya, “Volatile Memory Based Forensic Artifacts & Analysis Volatile Memory Based Forensic Artifacts & Analysis,” International Journal for Research in Applied Science Engineering Technology, 2014.
  13. A. Kurniawan and Y. Prayudi, “Teknik Live Forensics Pada Aktivitas Zeus Malware Untuk Mendukung Investigasi Malware Forensics,” HADFEX (Hacking Digit. Forensics Exposed), No. June 2014, Pp. 1–5, 2014.
  14. W. Pranoto, I. Riadi, and Y. Prayudi, “Live forensics method for acquisition on the Solid State Drive ( SSD ) NVMe TRIM function,” Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, 2020. https://doi.org/10.22219/kinetik.v0i0.1032
  15. D. Sudyana and N. Lizarti, “Digital Evidence Acquisition System on IAAS Cloud Computing Model using Live Forensic Method,” Scientific Journal of Informatics, Vol. 6, No. 1, Pp. 125–137, 2019. https://doi.org/10.15294/sji.v6i1.18424
  16. M. Kaur, N. Kaur, and S. Khurana, “A Literature Review on Cyber Forensic and its Analysis tools,” International Journal of Advanced Research Computer and Communication Engineering, Vol. 5, No. 1, Pp. 23–28, 2016.
  17. F. Bahtiar, N. Widiyasono, and A. P. Aldya, “Memory Volatile Forensik Untuk Deteksi Malware Menggunakan Algoritma Machine Learning,” Jurnal Teknik Informatika dan Sistem Informasi, Vol. 4, Pp. 242–253, 2018. http://dx.doi.org/10.28932/jutisi.v4i2.776
  18. D. S. Yudhistira, I. Riadi, and Y. Prayudi, “Live Forensics Analysis Method For Random Access Memory On Laptop Devices,” International Journal of Computer Science and Information Security, No. May, 2018.
  19. K. Hausknecht, D. Foit, and J. Burić, “RAM data significance in digital forensics,” 2015 38th International Convention on Information and Communication Technology, Electronics and Microelectronics, MIPRO - Proceedings, No. May, Pp. 1372–1375, 2015. https://doi.org/10.1109/MIPRO.2015.7160488
  20. T. Rochmadi, I. Riadi, and Y. Prayudi, “Live Forensics for Anti-Forensics Analysis on Private Portable Web Browser,” International Journal of Computer Aplications (IJCA), Vol. 164, No. 8, Pp. 31–37, 2017. https://doi.org/10.5120/ijca2017913717
  21. S. Thomas, K. K. Sherly, and S. Dija, “Extraction of memory forensic artifacts from windows 7 RAM image,” 22013 IEEE Conference on Information and Communication Technologies, 2013, No. Ict, Pp. 937–942, 2013. https://doi.org/10.1109/CICT.2013.6558230
  22. R. Thantilage and N. Jeyamohan, “A volatile memory analysis tool for retrieval of social media evidence in windows 10 OS based workstations,” 2017 National Information Technology Conference (NITC), Pp. 86–88, 2017. https://doi.org/10.1109/NITC.2017.8285664
  23. A. Podile, K. Gottumukkala, and K. Sastry Pendyala, “Digital Forensic Analysis Of Malware Infected Machine-Case Study,” International Journal of Scientific & Technology Research, Vol. 4, No. 09, 2015.
  24. K. Wadner, “An Analysis of Meterpreter during Post-Exploitation,” 2014.
  25. R. Kaur and A. Kaur, “Digital Forensics,” International Journal of Computer Applications, Vol. 50, No. 5, Pp. 5–9, 2012. https://doi.org/10.5120/7765-0844
Read More
Author biographies is not available.
Download this PDF file
PDF
Statistic
Read Counter : 749 Download : 354

Downloads

Download data is not yet available.