UNPAB – Network forensics is a sub-branch of digital forensics concerned with the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information: network traffic is transmitted and then lost, so network forensics is usually a proactive investigation in which capture has to be arranged before the event of interest occurs.
Network forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis. The second form relates to law enforcement. In this case analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions.
Two systems are commonly used to collect network data: a brute-force "catch-it-as-you-can" approach and a more selective "stop, look and listen" method. Both are described in more detail below.
Network forensics is a comparatively new field of forensic science. The growing popularity of the Internet in homes means that computing has become network-centric and data is now available outside of disk-based digital evidence. Network forensics can be performed as a standalone investigation or alongside a computer forensics analysis (where it is often used to reveal links between digital devices or reconstruct how a crime was committed).
Marcus Ranum is credited with defining Network forensics as “the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents.”
Compared to computer forensics, where evidence is usually preserved on disk, network data is more volatile and unpredictable. Investigators often only have material to examine if packet filters, firewalls, and intrusion detection systems were set up to anticipate breaches of security.
Systems used to collect network data for forensic use usually come in two forms:
- "Catch-it-as-you-can" – every packet passing a given traffic point is captured and written to storage, and analysis is done subsequently in batch mode. This approach requires large amounts of storage, but nothing is lost: any question can still be asked of the data later.
- "Stop, look and listen" – each packet is analysed in a rudimentary way in memory and only selected information (for example per-flow summaries) is saved for future analysis. This approach requires a faster processor to keep up with incoming traffic, and whatever is not recorded at capture time cannot be recovered afterwards, so the choice of what to keep is itself a forensic decision.
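The following script is an added example written for this page, not code from the UNPAB course or from any named tool. It builds a handful of Ethernet/IPv4 frames by hand (constructed sample input with zero checksums and synthetic timestamps; `build_packet`, `parse_packet`, `sample_traffic` and the flow-record layout are all this example's own) and then processes the same packets with both collection models: `catch_it_as_you_can` keeps every frame verbatim as a pcap file image, while `stop_look_and_listen` parses each frame once and retains only a 5-tuple flow record. Running it shows the storage difference directly, and also the price of the second model: the non-IP frame the parser does not understand survives in the pcap but leaves no trace in the flow table.

```python
"""Added example: full packet capture versus in-memory flow summarisation.

catch_it_as_you_can()  - store every frame as-is in a pcap image (storage grows
                         with every byte on the wire; analysis is deferred).
stop_look_and_listen() - decode each frame once, keep only a per-flow record
                         (memory grows with the number of flows, not traffic).
All packets below are constructed demo data, not captured traffic.
"""
import socket
import struct

ETH_P_IP = 0x0800
IPPROTO_TCP = 6
IPPROTO_UDP = 17
PCAP_MAGIC = 0xA1B2C3D4        # classic microsecond pcap, written little-endian
LINKTYPE_ETHERNET = 1


def build_packet(src_ip, dst_ip, sport, dport, payload=b"", proto=IPPROTO_TCP):
    """Construct a minimal Ethernet/IPv4 frame carrying TCP or UDP (demo data)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETH_P_IP)
    if proto == IPPROTO_TCP:
        # ports, seq, ack, data offset = 5 words, flags PSH|ACK, window, checksum, urgent
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total_len = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + l4 + payload


def parse_packet(frame):
    """Decode Ethernet/IPv4 plus TCP or UDP headers.
    Returns ((src, dst, proto, sport, dport), payload), or None for frames this
    deliberately small parser does not handle (non-IP, other protocols, truncated)."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    proto = frame[23]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    l4 = frame[14 + ihl:14 + total_len]
    if proto == IPPROTO_TCP and len(l4) >= 20:
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[(l4[12] >> 4) * 4:]
    elif proto == IPPROTO_UDP and len(l4) >= 8:
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[8:]
    else:
        return None
    return (src, dst, proto, sport, dport), payload


def catch_it_as_you_can(packets):
    """Full capture: every frame unchanged in a pcap image (24-byte global header,
    then a 16-byte record header per packet). Nothing is interpreted here."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for ts, frame in packets:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame))
        out += frame
    return bytes(out)


def stop_look_and_listen(packets):
    """Streaming summary: parse each frame once and keep only a flow record keyed
    by the 5-tuple. Whatever is not recorded here is gone once the frame is dropped."""
    flows = {}
    for ts, frame in packets:
        parsed = parse_packet(frame)
        if parsed is None:
            continue   # unparsed frame: lost in this mode, still present in the pcap
        key, payload = parsed
        rec = flows.setdefault(key, {"packets": 0, "bytes": 0, "payload_bytes": 0,
                                     "first": ts, "last": ts})
        rec["packets"] += 1
        rec["bytes"] += len(frame)
        rec["payload_bytes"] += len(payload)
        rec["last"] = ts
    return flows


def sample_traffic():
    """Constructed sample: a short HTTP exchange, one DNS query, one non-IP frame."""
    t0 = 1_700_000_000.0
    dns_query = b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 6 + b"\x07example\x03com\x00\x00\x01\x00\x01"
    return [
        (t0 + 0.000, build_packet("10.0.0.5", "93.184.216.34", 40001, 80,
                                  b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")),
        (t0 + 0.050, build_packet("93.184.216.34", "10.0.0.5", 80, 40001,
                                  b"HTTP/1.1 200 OK\r\n\r\n" + b"A" * 1200)),
        (t0 + 0.051, build_packet("93.184.216.34", "10.0.0.5", 80, 40001, b"B" * 1200)),
        (t0 + 0.100, build_packet("10.0.0.5", "10.0.0.1", 53000, 53, dns_query, proto=IPPROTO_UDP)),
        (t0 + 0.200, b"\xff" * 60),   # not Ethernet/IP: only the pcap keeps it
    ]


def compare(packets):
    """Run both collectors over the same packets and return the sizes side by side."""
    pcap = catch_it_as_you_can(packets)
    flows = stop_look_and_listen(packets)
    return {"pcap_bytes": len(pcap), "flows": len(flows), "records": flows}


if __name__ == "__main__":
    result = compare(sample_traffic())
    print(f"full capture: {result['pcap_bytes']} bytes on disk")
    print(f"flow summary: {result['flows']} records")
    for key, rec in result["records"].items():
        print(key, rec)
```

The pcap image produced by `catch_it_as_you_can` can be written to a file and opened in Wireshark, which is the batch-analysis step the first model defers; the flow table from `stop_look_and_listen` is the kind of record a NetFlow collector or Zeek `conn.log` would keep, and is all that remains once the packets themselves are discarded.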
Network Forensics (forensik jaringan) is the branch of digital forensics that deals with monitoring and analysing computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection, so that computer crime (cybercrime) carried out over network systems can be detected and responded to (Incident Response).
- Students understand, comprehend and are able to implement the concepts of Network Forensics and Incident Response on a network system (network infrastructure) that is in production at an institution or organisation.
- Students are able to apply Network Forensics to a network system that is under attack (network intrusion).
- John Sammons, 2015, The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics, 2nd Edition, Syngress, USA
- John R. Vacca, 2005, Computer Forensics: Computer Crime Scene Investigation, 2nd Edition, Charles River Media, Boston
- William J. Buchanan, 2011, Introduction to Security and Network Forensics, CRC Press
- EC-Council, 2009, Computer Forensics: Investigating Network Intrusions and Cybercrime, Cengage Learning
- Chris Prosise and Kevin Mandia, 2003, Incident Response: Investigating Computer Crime (1st, 2nd and 3rd editions), McGraw-Hill
- Sherri Davidoff and Jonathan Ham, 2012, Network Forensics: Tracking Hackers through Cyberspace, Pearson Education
- Yoram Orzach, 2013, Network Analysis Using Wireshark Cookbook, Packt Publishing
- Eric Seagren, 2006, Secure Your Network for Free: Using Nmap, Wireshark, Snort, Nessus, and MRTG, Syngress
- Richard Bejtlich, 2013, The Practice of Network Security Monitoring: Understanding Incident Detection and Response, No Starch Press
| Part | Course Material |
|---|---|
| 1 | Introduction, learning contract, SAP (course unit plan) and syllabus, and overview of the Network Forensic & Incident Response course |
| 2 | Network Forensic Fundamentals |
| 3 | Incident Response Fundamentals |
| 4 | Network Technologies & Protocol Identification |
| 5 | ARP Protocol Identification |
| 6 | ICMP Protocol Identification |
| 7 | DHCP & DNS Protocol Identification |
| 8 | Mid-term Examination (UTS) |
| 9 | IP Protocol Identification |
| 10 | TCP & UDP Protocol Identification |
| 11 | HTTP & FTP Protocol Identification |
| 12 | SMTP, POP3 and IMAP Protocol Identification |
| 13 | TLS & SSL Protocol Identification (case) |
| 14 | WLAN Protocol Identification |
| 15 | Case Study & Project |
| 16 | Final Examination (UAS) |
Every assignment that has been set must be published on your own blog, and the link to the assignment then posted to the class group for the Network Forensic & Incident Response course (recommended), using the following file-naming and subject format: