NIM : 2302210002
E-mail :
irwanhariyanto@student.telkomuniversity.ac.id
Supervisor 1 : Rimba Whidiana Ciptasari, S.Si., M.T.,
Ph.D
Progress Summary:
This is a summary and a word length of 300 words. Summary is
written briefly from the entire contents of the thesis/proposal and so
on until it is finished.
1 Introduction
At the collection stage in the digital forensics framework on the webserver,
there is still no proper seizure section. Currently, when a webserver is
seized, the method used is to deface the main page of the website and
perform a takedown on the server. This is done to stop the flow of data that
affects the collection so that the acquisition process can run properly. The
seizure of the webserver here can be a physical webserver or in the cloud that
ing, and acquiring data from relevant data sources, while following procedures
that maintain data integrity. In the collection stage, it is not clearly explained
how to seize the web server. The new private cloud computing investigation
framework was previously based on SNI 27037:2014 called the Private Cloud
Figure 1: NIST Framework [2]
cation calculates the hash of the copied files as shown in Figure 3. The seizure of
web servers has the same position as a physical seizure such as seizure of PCs,
smartphones, hard disks, flash drives, and other storage media, but there is
still no framework for seizing web servers in particular, which is very important
to support the validity of data acquisition. This affects the validity of website
seize the webserver clearly to support the validity of the acquisition and its
legal aspects. In the seizure carried out previously by defacing and takedown
the validity of its aspects or its legal standing is correct or not. Therefore, a
special framework is needed to seize the webserver so that the acquisition of the
Figure 2: Forensic Investigation Framework [10]
Figure 3: Forensic Investigation Framework [6]
2 Preliminary Literature Review
In the Operation Seizing Our Sites: How The Federal Government is Taking Do-
main Names Without Prior Notice Document Journal this enforcement effort is
the process that the National Intellectual Property Rights Coordination Center
(“IPR Center”), ICE, and the Department of Justice (“DOJ”) employ to seize
these domains has raised red flags among members of Congress and the public
seize a domain name without any prior notice to the website operator, essen-
tially leaving them in the dark. ICE agents and DOJ attorneys only need to
show probable cause that the website in question engaged in one of the enumer-
judge.[7]
In Advanced evidence collection and analysis of web browser activity [5] there
a new evidence collection and analysis methodology, the new tool based on
the proposed methodology and a comparison with other tools is reported [5].
Whereas in the context of seizing a website, there are at least the parameters
seized.
ing information, namely in the “Details of search warrants and other authorities
applicable to the investigation, including the limits of the search and seizure”
section. Meanwhile, the NIST does not explain clearly how to do seizures, but
the collection section only explains how to retrieve data for acquisition. Specifi-
cally for The Private Cloud Investigation Framework, there is a collection section
from the requirements associated with law enforcement entering a location and
seizing a server. [8] Additionally, there are ‘adversarial scraping’ studies for
academic research, which involve collecting data from websites that employ
defenses against traditional web scraping tools. [12] In the event of a cybercrime
it is temporary, with new sites starting and ceasing operations quickly (e.g. due
to police takedowns). [8] From the several cybercrime cases above, an additional
web server. However, it should be considered that while most website takedown
is done to interrupt and prevent criminal activities, there are different disruption
enterprises. [8]
the logs contained on the webserver. A web server log records entries related to
the web pages running on the web server. The entries contain the history for a
page request, client IP address, date and time, HTTP code, and bytes served
tion and transactions for the territory of Indonesia. In some countries there are
that “Where other provisions are in place other than those regulated in Article
cedure Law Article 38 (1) Seizure may only be carried out by an investigator
with the permission of the head of the local district court. Article 39 (1) What
criminal act; b. objects that have been used directly to perform criminal acts or
that have a direct relationship with the criminal act conducted. (2) Objects
that are in seizure due to civil cases or due to bankruptcy can also be seized
for the purposes of investigation, prosecution and trial criminal case, as long
as it complies with the provisions of paragraph (1). [1] in the context of pro
From the several papers and references above, there has not been a webserver
seizure framework that complies with seizure rules. The seizure process on the
with applicable legal norms. Currently there is only a framework for conducting
framework.
3 Problem Statement
Based on the existing framework, the framework still has shortcomings, among
others:
takedown)
to maintain its validity in accordance with applicable legal norms so that the
With the establishment of this website seizure framework, the validity of the
website seizure procedure can be maintained. Each stage in the framework will
the investigation.
5 Proposed Framework
More specifically, the section comprises the following components:
1. Requirement identification
From some of the existing frameworks, there are requirements for con-
dependently just for research. The webserver was built using VMware
flashdisk and acquiring it using FTK Imager. The results are in the
picture.
servers.
2. Design process
experts. The to do list carried out in the design of this framework devel-
the Spiral Model for Digital Forensics Investigation [9] and DFMF: A Dig-
practically implementable.
Figure 4: Spiral Model for Digital Forensics Investigation [9]
The spiral model explains how to compare several frameworks which are
Figure 5: Relationship between the dimensions [4]
cus is on the legal and judicial dimension as shown in Figure 5. There
ture.
be competent.
- Identify the legal and judicial requirements for the specific incident.
From the four to-do-lists, it can be concluded that legal and judicial
Figure 6: Proposed Framework Design
From the to-do-list above, there is a view to design the seizure framework
Legal, Procedure, and People sections which validate the seizure process.
and laws that apply when conducting seizures. The Criminal Procedure
Law [1] outlines who conducts the seizure and how. Whereas in other
does not show validation of seizure because it is only found in the Criminal
Procedure Code.
when it takes effect, and to whom it applies. This will have an impact on
the competence of humans who carry out seizures in the People section.
In the use of digital forensic tools, it must be clear how these tools are
used in making seizures and whether they are included in the applicable
Figure 7: Proposed Seizure Framework Process
standards.
personnel who do it. This can be seen from certificates of competence, ex-
carrying out investigative procedures are needed to account for the inves-
tigation process.
The three stages are simplified into the Proposed Seizure Framework Pro-
Sections there are processes that can be unified into the same work section
obtain validation that the seizure is carried out correctly, there must be
legal guidance in the form of applicable laws and regulations. This is very
important so that the seizure procedure runs according to the rules and
legally. The procedure for seizing electronic evidence, in this case the web
server, must exist so that the process of taking the web server can be
Figure 8: Design on seizure acquisition webserver
sonnel do, what competencies they have, and the techniques used. This
can be done by physically seizing the webserver, the cloud account, or the
backend account.
in the framework where it must be carried out. From the collection section
Figure 9: Flashdisk used to store server dumps
3. Implementation process
- Domain: https://serving03.sibernet.id/wordpress
- Backend: https://server03.sibernet.id/wordpress/wp-login.php?
- IP address 1: server03.sibernet.id (172.67.149.86)
- IP address 2: server03.sibernet.id (104.21.55.167)
Next, log into the webserver account and dump the contents of the web-
server. Then the results are copied into a flashdisk (because the size is
Figure 10: The flashdisk is plugged into a write blocker to maintain the integrity
of the data it contains
Figure 12: Fill in the identity parameters of electronic evidence
Figure 14: Completed acquisition
Figure 16: Analysis process using FTK Imager
Figure 18: Input the acquired image file
Figure 20: Finish extraction
4. Experiment design and plan (including data collection process)
ment result
The analysis method uses a subject matter expert. The expertise can in-
the example. You may adjust the activities and time schedule according to the
problem.
Table 2: Activity Schedule
SEMESTER
Activity 1 2 3 4
1 Literature study
2 Problem identification
3 Contribution formulation
4 Hypothesis formulation
5 Proposal
6 Data collection
7 Requirement identification
8 Design process
9 Implementation process
10 Experiment design
11 Evaluation and analysis
12 Thesis draft
References
[1] Republik Indonesia, “Undang-Undang Republik Indonesia Nomor 8 Tahun
86),” NIST Special Publication, vol. 10, no. August, pp. 800–886, 2006.
nistspecialpublication800-86.pdf.
tahun-2008.
nl/login??url=https://www.proquest.com/dissertations-theses/
dfmf-digital-forensic-management-framework/docview/2566013646/
openurl/UBL/UBL_services_page?url_ver=Z39.88-2.
[5] J. Oh, S. S. Lee, and S. S. Lee, “Advanced evidence collection and analysis
S70, 2011, issn: 17422876. doi: 10.1016/j.diin.2011.05.008. [Online].
Available: http://dx.doi.org/10.1016/j.diin.2011.05.008.
NOTICE,” The Sciences, vol. 35, no. 3, pp. 41–45, 2013. [Online].
Available: https://lawcat.berkeley.edu/record/1125659/files/fulltext.pdf.
vent crime,” eCrime Researchers Summit, eCrime, vol. 2016-June, pp. 102–
[9] S. Kothari and H. Hasija, “Spiral Model for Digital Forensics Investiga-
pp. 312–324, 2017, issn: 18650929. doi: 10.1007/978-981-10-6898-0_26.
Ilmiah Teknologi Informasi, vol. 10, no. 3, p. 181, 2019, issn: 2088-1541.
doi: 10.24843/lkjiti.2019.v10.i03.p06.
[11] T. Raja Sree and S. Mary Saira Bhanu, “Data Collection Techniques for
doi: 10.5772/intechopen.82013.
Privacy Workshops, EuroS&PW 2020, pp. 428–437, 2020.
doi: 10.1109/EuroSPW51379.2020.00064.