
Network Forensic & Incident Response

UNPAB – Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a proactive investigation.

Network forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis. The second form relates to law enforcement. In this case analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions.

Two systems are commonly used to collect network data: a brute-force “catch it as you can” approach and a more intelligent “stop, look, listen” method.

Network forensics is a comparatively new field of forensic science. The growing popularity of the Internet in homes means that computing has become network-centric and data is now available outside of disk-based digital evidence. Network forensics can be performed as a standalone investigation or alongside a computer forensics analysis (where it is often used to reveal links between digital devices or reconstruct how a crime was committed).

Marcus Ranum is credited with defining Network forensics as “the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents.”

Compared to computer forensics, where evidence is usually preserved on disk, network data is more volatile and unpredictable. Investigators often only have material to examine if packet filters, firewalls, and intrusion detection systems were set up to anticipate breaches of security.

Systems used to collect network data for forensic purposes usually come in one of two forms:

  • “Catch-it-as-you-can” – This is where all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage.
  • “Stop, look and listen” – This is where each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.
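The two collection models above, as an added illustration that is not part of the original page: a full capture keeps every packet verbatim, while in-memory inspection discards each packet after updating a per-flow summary. The packets are constructed sample data, not a real capture.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float      # seconds since start of capture
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    size: int      # bytes on the wire


# Constructed sample traffic: one DNS lookup followed by one short HTTP
# session from the same client (not a real capture).
SAMPLE = [
    Packet(0.00, "10.0.0.5", "10.0.0.1", "UDP", 51000, 53, 74),
    Packet(0.01, "10.0.0.1", "10.0.0.5", "UDP", 53, 51000, 150),
    Packet(0.02, "10.0.0.5", "93.184.216.34", "TCP", 40000, 80, 74),
    Packet(0.05, "93.184.216.34", "10.0.0.5", "TCP", 80, 40000, 74),
    Packet(0.05, "10.0.0.5", "93.184.216.34", "TCP", 40000, 80, 66),
    Packet(0.06, "10.0.0.5", "93.184.216.34", "TCP", 40000, 80, 512),
    Packet(0.09, "93.184.216.34", "10.0.0.5", "TCP", 80, 40000, 1514),
    Packet(0.10, "10.0.0.5", "93.184.216.34", "TCP", 40000, 80, 66),
]


def catch_it_as_you_can(packets):
    """Full capture: every packet is written to storage for later batch
    analysis. Returns (stored packets, bytes of storage consumed)."""
    stored = list(packets)
    return stored, sum(p.size for p in stored)


def flow_key(p):
    """Bidirectional 5-tuple key so both directions share one record."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)


def stop_look_listen(packets):
    """Each packet is inspected once in memory and then dropped; only a
    small per-flow summary (counts and first/last seen) is retained."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None, "last": None})
    for p in packets:
        f = flows[flow_key(p)]
        f["packets"] += 1
        f["bytes"] += p.size
        f["first"] = p.ts if f["first"] is None else f["first"]
        f["last"] = p.ts
    return dict(flows)
```

On this input the full capture must retain all 8 packets (2530 bytes), whereas the flow table holds just 2 records; the price of that saving is that payload-level work such as file reassembly is no longer possible from the retained data.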

Course Description:

Network forensics (forensik jaringan) is a branch of digital forensics that covers the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection, so that computer crime (cybercrime) carried out over network systems can be detected and anticipated (incident response).

Competency Standards:

  • Students understand, comprehend and are able to implement the concepts of Network Forensics and Incident Response on the running network system (network infrastructure) of an institution or organisation.
  • Students are able to apply Network Forensics to a network system that is under attack (network intrusion).

Reading List:

  • Sammons, 2015, Basics of Digital Forensics, Second Edition: The Primer for Getting Started in Digital Forensics, Syngress, USA
  • John R. Vacca, 2005, Computer Forensics: Computer Crime Scene Investigation, 2nd Edition, Charles River Media, Boston
  • Buchanan, William J., 2011, Introduction to Security and Network Forensics, CRC Press
  • EC-Council, 2009, Computer Forensics: Investigating Network Intrusions and Cybercrime, Cengage Learning
  • Chris Prosise, Kevin Mandia, 2003, Incident Response: Investigating Computer Crime (1st, 2nd and 3rd editions), McGraw-Hill
  • Sherri Davidoff, Jonathan Ham, 2012, Network Forensics: Tracking Hackers through Cyberspace, Pearson Education
  • Yoram Orzach, 2013, Network Analysis Using Wireshark Cookbook, Packt Publishing
  • Eric Seagren, 2006, Secure Your Network for Free: Using Nmap, Wireshark, Snort, Nessus, and MRTG, Syngress
  • Bejtlich, 2013, The Practice of Network Security Monitoring: Understanding Incident Detection and Response, No Starch Press

Course Materials:

Part. Course Material
1. Introduction, learning contract, SAP and syllabus, and overview of the Network Forensic & Incident Response course
2. Network Forensic Fundamentals
3. Incident Response Fundamentals
4. Network Technologies & Protocol Identification
5. ARP Protocol Identification
6. ICMP Protocol Identification
7. DHCP & DNS Protocol Identification
8. Mid-semester Examination (UTS)
9. IP Protocol Identification
10. TCP & UDP Protocol Identification
11. HTTP & FTP Protocol Identification
12. SMTP, POP3 and IMAP Protocol Identification
13. TLS & SSL Protocol Identification (case)
14. WLAN Protocol Identification
15. Case Study & Project
16. Final Examination (UAS)


Every assignment that has been set should be published on each student's own blog, and the link to the assignment then posted to the class group for the Network Forensic & Incident Response course (recommended), using the following file-naming and subject format (Tugaske?? = assignment number, NIM = student ID number, Prodi = study programme, Sem = semester):

– Subject: Tugaske??_NIM_Prodi_Sem
– Attachment: NIM_Nama_Prodi_Sem_Tugaske??