Analisis Forensik Jaringan Studi Kasus Serangan SQL Injection pada Server Universitas Gadjah Mada

摘要

Network forensic is a computer security investigation to find the sources of the attacks on the network by examining log evidences, identifying, analyzing and reconstructing the incidents. This research has been conducted at The Center of Information System and Communication Service, Gadjah Mada University. The method that used was The Forensic Process Model, a model of the digital investigation process, consisted of collection, examination, analysis, and reporting. This research has been conducted over five months by retrieving data that was collected from Snort Intrusion Detection System (IDS). Some log files were retrieved and merged into a single log file, and then the data cleaned to fit for research. Based on the research, there are 68 IP address was that did illegal action, SQL injection, on server www.ugm.ac.id . Most of attackers using Havij and SQLmap (automated tools to exploit vulnerabilities on a website). Beside that, there was also Python script that was derived from the continent of Europe in Romania.