Pengantar Komputer Forensik Teknologi Informasi
Transcript of Pengantar Komputer Forensik Teknologi Informasi
![Page 1: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/1.jpg)
Pengantar Komputer Forensik Teknologi Informasi
2010Komputer Forensik1
Mobile forensic
UNIVERSITAS GUNADARMA
Fakultas Teknologi Industri
Jurusan Teknik Informatika
![Page 2: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/2.jpg)
Handheld devices
Cellular Phone – GSM,
CDMA
Personal Digital Assistance
(PDA)
Smart phone (hybrid)
![Page 3: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/3.jpg)
Tablet PC
Menggunakan WiFi atau
modem
![Page 4: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/4.jpg)
Mobile Storage Devices
SIM Card
Memory card
MMC (Multi-MediaCard)
SD (Secure Digital) Card
Memory Stick
TransFlash atau MicroSD
![Page 5: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/5.jpg)
Mobile Storage Devices
USB Flash disk
External hard disk
![Page 6: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/6.jpg)
Digital Evidence in Mobile Device
Handset Memory
SIM Card
USIM (3G SIM)
Memory Card
![Page 7: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/7.jpg)
Data in Handset Memory
• Audio Files (Music and Voice)
• Calendar Entries
• Call History (Inbound and
Outbound)
• Contacts/Phonebook
• Internet History
• Instant Messaging (IM) chat
• Memos
• Multimedia Messages (MMS)
• Pictures
• Short Message Service (SMS) or Text Messages
• System Firmware Information
• T9 Dictionaries
• Telecommunication Settings
• Videos
• Voice Mail
![Page 8: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/8.jpg)
Data in SIM Card
Last Number Dialed (LDN)
Phonebook/Contacts (ADN)
Text Messages (SMS), including deleted text messages
Location information (LOCI) from position of last usage
Service Related Information
![Page 9: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/9.jpg)
Data in USIM Card
PIN1, PIN2 (Personal Identification Number)
PIN1 akses ke handset
PIN2 melindungi network setting
PUK1, PUK2 codes (Personal Unlocking Key)
![Page 10: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/10.jpg)
Data in Memory Card
Pictures
Movies
Audio Files
Documents
![Page 11: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/11.jpg)
Data from NSP
Network Service Provider
Subscriber Information
Call Data Records - related to phone calls and text messages
Subscriber Location - this relates to geo location of the
physical device, in an effort to track the subscriber
![Page 12: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/12.jpg)
Mobile Operating System
• Google's Android
• Apple's iOS
• RIM's BlackBerry OS
• Microsoft's Windows Phone
• Linux
• HP's webOS
• Samsung's Bada
• Nokia's MeeGo
![Page 13: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/13.jpg)
Mobile Forensic Process
Seizure Penyitaan barang bukti
Acquisition Mengambil data dari barang bukti
Examination and Analysis Pemeriksaan data dan analisis
dengan tools
Seizure AcquisitionExamination and
Analysis
![Page 14: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/14.jpg)
Data Acquisition Types
Physical acquisition
Menyalin setiap bit dari keseluruhan penyimpanan fisik (memory
chip)
Akses langsung ke flash memory
Dapat melihat file yang telah dihapus dan sisa-sisa data untuk
diperiksa.
![Page 15: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/15.jpg)
Data Acquisition Types
Logical acquisition
Menyalin setiap bit dari objek penyimpanan logika (direktori dan
file)
Butuh interface dari vendor untuk sinkronisasi isi device dengan PC.
Sistem file lebih mudah untuk diekstrak dan dikelola
Tidak dapat melihat data yang telah dihapus
![Page 16: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/16.jpg)
Data Acquisition Types
Manual acquisition
Menggunakan user interface untuk menginvestigasi isi dari memory
Transformasi data mentah menjadi informasi yang dapat dibaca manusia
Hanya data yang terlihat oleh sistem operasi yang dapat diperoleh
kembali
![Page 17: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/17.jpg)
JTAG
Joint Test Action Group
(JTAG)
Untuk me-recover memory
![Page 18: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/18.jpg)
Tool Assessment
Skenario dipisahkan antara simple dan smart phone, serta
aktivitasnya
Pengumpulan data konten dari device dan/atau SIM card
terkait serta memory
Pemeriksaan data
Rating apakah hasil sesuai yang diharapkan
![Page 19: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/19.jpg)
Mobile Forensic Tools
Tools untuk device
Tools untuk simcard
![Page 20: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/20.jpg)
Paraben mobile forensic
http://www.paraben.com
Device Seizure
Mobile Field
DS Box
SIM Card Seizure
StrongHold Bag
StrongHold Box
Project-A-Phone
![Page 21: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/21.jpg)
XRY forensic tools
Program + Cable
Terlengkap untuk berbagai
handphone
Dari MicroSystemation
http://www.msab.com
Dengan program XACT dapat
memeriksa mobile devices yang
filenya dihapus
![Page 22: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/22.jpg)
Mobile Device Forensic ToolsFungsi Fitur
pilot-link Acquisition • Palm OS phones
• Open source non-forensic software
• Tidak support recovery informasi SIM
• Hanya dengan cable interface
Oxygen PM
(forensic
version)
Acquisition,
Examination,
Reporting
• GSM phones tertentu
• Supports only internal SIM acquisition
MOBILedit! For
nsic
Acquisition,
Examination,
Reporting
• GSM phones tertentu
• Internal and external SIM support
• Support cable dan IR interfaces
![Page 23: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/23.jpg)
Mobile Device Forensic ToolsFungsi Fitur
BitPIM Acquisition,
Examination
• CDMA phones tertentu
• Open source software with write-blocking
capabilities
• No support for recovering SIM information
TULP 2G Acquisition,
Reporting
• GSM and CDMA phones that use the
supported protocols to establish connectivity
• Internal and external SIM support
• Requires PC/SC-compatible smart card
reader for external SIM cards
• Cable, Bluetooth, and IR interfaces
supported
![Page 24: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/24.jpg)
SIM toolkit
Ada JVM di dalam SIM
Operator dapat menginstal program melalui OTA – Over The Air
(secara remote tanpa diketahui)
Standard yang “vulnerable” invisible flags, binary updates, call-
control, proprietary
![Page 25: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/25.jpg)
XRY SIM ID cloner
Memungkinkan menggunakan
handphone dengan SIM terkunci
Memungkinkan memeriksa cell
phone tanpa koneksi
![Page 26: Pengantar Komputer Forensik Teknologi Informasi](https://reader030.fdocuments.net/reader030/viewer/2022012423/6178414eaf8a71794e2ec7b6/html5/thumbnails/26.jpg)
SIM Card Forensic ToolsFungsi Fitur
ForensicSIM Acquisition,
Examination, Reporting
• External SIM cards only
• Produces physical facsimiles of SIM
for prosecutor and defense, and as a
storage record
Forensic Card
Reader
Acquisition, Reporting • External SIM cards only
SIMCon Acquisition,
Examination, Reporting
• External SIM cards only
Mobiledit!
Forensic
Acquisition,
Examination, Reporting
• Also recover information from SIM
card, when inserted in handset
SIMIS Acquisition,
Examination, Reporting
• External SIM cards only