Scribd Logo
Upload

Welcome to Scribd!

  • UAS - TI07 - DigiFor - Teknik Informatika - Faruq Aziz Saputra - 0110220287

    Uploaded by

    Faruq Aziz Saputra
    28 views15 pages
    Ann skipped bail and investigators monitored her network activity before she left. Through analyzing her email packet capture, the forensic investigator was able to determine: 1) Ann's email address and password she used to communicate with her secret lover Mr. X. 2) The email address of Ann's secret lover and details of the meeting Ann arranged, including items for them to bring. 3) An attachment Ann sent contained details of their rendezvous point in Playa del Carmen, Mexico. The investigator concluded by recovering evidence from the packet capture to identify Ann's location and close the case.

    Original Description:

    UAS_TI07_DigiFor_Teknik Informatika_Faruq Aziz Saputra_0110220287

    Original Title

    UAS_TI07_DigiFor_Teknik Informatika_Faruq Aziz Saputra_0110220287

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Ann skipped bail and investigators monitored her network activity before she left. Through analyzing her email packet capture, the forensic investigator was able to determine: 1) Ann's email address and password she used to communicate with her secret lover Mr. X. 2) The email address of Ann's secret lover and details of the meeting Ann arranged, including items for them to bring. 3) An attachment Ann sent contained details of their rendezvous point in Playa del Carmen, Mexico. The investigator concluded by recovering evidence from the packet capture to identify Ann's location and close the case.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    28 views15 pages

    UAS - TI07 - DigiFor - Teknik Informatika - Faruq Aziz Saputra - 0110220287

    Uploaded by

    Faruq Aziz Saputra
    Ann skipped bail and investigators monitored her network activity before she left. Through analyzing her email packet capture, the forensic investigator was able to determine: 1) Ann's email address and password she used to communicate with her secret lover Mr. X. 2) The email address of Ann's secret lover and details of the meeting Ann arranged, including items for them to bring. 3) An attachment Ann sent contained details of their rendezvous point in Playa del Carmen, Mexico. The investigator concluded by recovering evidence from the packet capture to identify Ann's location and close the case.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 15

    UAS DIGITAL FORENSIC

    Forensic Investigator
    Ann Skips Bail Use Case
    Faruq Aziz Saputra | 0110220287
    Ann Skips Bail Use Case
    After being released on bail, Ann Dercover disappears!
    Fortunately, investigators were carefully monitoring her
    network activity before she skipped town.

    “We believe Ann may have communicated with her secret


    lover, Mr. X, before she left,” says the police chief. “The packet
    capture may contain clues to her whereabouts.”
    1. What is Ann’s email address?
    2. What is Ann’s email password?
    3. What is Ann’s secret lover’s email address?

    You are forensic 4. What two items did Ann tell her secret lover
    to bring?

    investigator 5. What is the NAME of the attachment Ann


    sent to her secret lover?
    Your mission is to figure out what 6. What is the MD5sum of the attachment Ann

    Ann emailed, where she went, and sent to her secret lover?
    7. In what CITY and COUNTRY is their rendez-
    recover evidence including:
    vous point?
    8. What is the MD5sum of the image
    embedded in the document?
    Tools & File Investigation
    Laptop Lenovo Ideapad 5, Intel I7 Gen 11
    OS Windows 11
    Windows PowerShell
    Application Wireshark
    Evidence file : MD5 (evidence02.pcap) =
    cfac149a49175ac8e89d5b5b5d69bad3
    https://www.motobit.com/util/base64-
    decoder-encoder.asp
    1. What is Ann’s email
    address?

    Email yang digunakan Ann's adalah


    sneakyg33k@aol.com
    2. What is Ann’s email
    password?

    Kita Dapat paket data dengan format


    base64, kemudian melakukan decode
    di web motobit.com, dan hasilnya:

    AUTH LOGIN
    c25lYWt5ZzMza0Bhb2wuY29t :
    sneakyg33k@aol.com
    NTU4cjAwbHo= : 558r00lz

    Jadi, Passwordnya : 558r00lz


    3. What is Ann’s secret
    lover’s email address?

    Terlihat bahwa email


    mistersecretx@aol.com memanggil
    Ann dengan sweetheart dan love.

    Jadi, secret lovernya adalah


    mistersecretx@aol.com
    4. What two items did Ann
    tell her secret lover to bring?

    Dari isi email mistersecretx@aol.com


    terlihat kata "fake passport" dan
    "bathing suit", 2 benda ini yang
    akan dibawa oleh Ann.
    5. What is the NAME of the
    attachment Ann sent to her
    secret lover?
    Terlihat banyak Data Fragment,
    jadi email ini mengirim sebuah
    attachment dengan ukuran yang
    cukup besar.

    Pada hasil Follow TCP Stream,


    terlihat file attachmentnya yaitu
    secretrendezvous.docx
    6. What is the MD5sum of the attachment
    Ann sent to her secret lover?

    Setelah mendapat data dengan


    format base64, kita dump menjadi
    file secretrendezvous.bin

    Download dan rename nama file


    menjadi secretrendezvous.docx dan
    lakukan hashing file di Windows Power
    Shell dengan perintah :

    certutil -hashfile secretrendezvous.docx md5

    Terlihat md5 filenya adalah


    9e423e11db88f01bbff81172839e1923
    7. In what CITY and COUNTRY
    is their rendez-vous point?

    Buka file secretrendezvous.docx


    dan berisi gambar lokasinya yaitu :

    Kota Playa del Carmen di Negara


    Mexico
    8. What is the MD5sum of the image
    embedded in the document?

    Didalam file secretrendezvous.docx berisi


    gambar dengan nama image1.png, dan
    lakukan hashing file dengan perintah :

    certutil -hashfile image1.png md5

    Terlihat md5 filenya adalah


    aadeace50997b1ba24b09ac2ef1940b7
    Kesimpulan Case
    Setelah melakukan proses forensik file evidence02.pcap
    menggunakan wireshark, dan beberapa tools, saya mengerti
    tentang forensik email dan bagaimana melakukannya.

    Dalam hal ini saya menganalisis file email Ann dan saya tahu
    cara mendapatkan kata sandi, email tujuan, file lampiran, dll.

    Untuk kasus ini, penyelidik mendapatkan informasi keberadaan


    Ann melalui lampiran file yang dikirim oleh Ann ke kekasih
    rahasianya mengenai rencana dia untuk bertemu si secret lover.
    Pertemuan mereka diadakan di Playa del Carmen, Mexico, dan
    selesailah tugas investigator.
    Alhamdulillah
    Kasus Selesai
    Ditutup!
    Link Persentasi :
    https://drive.google.com/drive/folders/1pGRmrYcw3b4GZna6yEA5f7DCVdQvqs6p?
    usp=share_link

    You might also like