Analisis Forensik Komputer Pada Lalu Lintas Jaringan

Abstract

The purpose of this research is to analyze and report the contents of a network-captured file (nitroba.pcap.zip), which is an archive containing network based activities monitored and logged in Nitroba University network using network forensics tool called Wireshark. The network capture file downloaded from file share website/repository of Queensland University of Technology (QUT) Brisbane, Australia. This network-captured file contains activities may against cyber laws. In addition, this file was extracted to nitroba.pcap file on a local hard drive before carrying out forensic analysis. The network reported that there were activities by an individual sending harassing email to Lily Tuckrige. The message contains an IP address 140.247.62.34 in the message full headers and IP address points to Nitroba University dorm room. The analysis attempts to reconstruct the structure of the network, identify key players in the network and determine all activities leading to and occurring during the reported malicious activity. The analysis was carried out mainly using network forensic tools such as Wireshark v1.10.2 and NetworkMiner v1.5. The analysis of a network capture file nitroba.pcap resulted in the recovery of a number of value evidences. Final computer forensics investigation resulted in three main key findings and six item of supporting evidences from the analysis. Two items of the evidence containing the same message sent to Lily Tuckrige. One HTTP packet indicated the suspect’s email address, namely jcoachj@gmail.com and six packets contain hostile messages. All the items of the evidence traced from IP address 192.168.15.4 and proved that Johnny Coach, one of Lily Tuckrige’s students was the person who sent the harassing emails.