Digital Forensic Analysis of Volatile Memory to Obtain the Encryption Key of the Dm-Crypt Application

 (*) Vipkas Al Hadid Firdaus (Politeknik Negeri Malang, Malang, Indonesia)
 Dodit Suprianto (Politeknik Negeri Malang, Malang, Indonesia)
 Rini Agustina (Universitas Kanjuruhan Malang, Malang, Indonesia)

(*) Corresponding Author

DOI: http://dx.doi.org/10.30865/json.v2i3.2998

Abstract

Disk encryption technology is very useful for securing data. On the other hand, disk encryption can be used by criminals to hide digital evidence. The information on the disk is very useful to an investigation, but if the disk of the computer held as evidence is encrypted, the investigation process is hampered. This is a challenge for cybercrime investigators, who must find the disk encryption key, especially when the perpetrator does not cooperate with the investigation. Analysis of a memory image to obtain the encryption key helps the investigation. All activity on the evidence computer is recorded in memory, so the decryption keys can be recovered from a live memory dump of that computer. This paper discusses forensic analysis to obtain the disk encryption key of dm-crypt, which is used to encrypt disks on the Linux operating system, and shows that through forensic analysis of a live memory dump image the dm-crypt disk encryption key can be found with a success percentage of 80%. The research in this paper focuses on the Linux operating system with dm-crypt used for full disk encryption.

Keywords


Computer Forensic; Disk Encryption; Digital Forensic; Dm-Crypt; Live Forensic Acquisition

Copyright (c) 2021 Vipkas Al Hadid Firdaus, Dodit Suprianto, Rini Agustina

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Jurnal Sistem Komputer dan Informatika (JSON)
Managed by STMIK Budi Darma
Secretariat: Jln. Sisingamangaraja No. 338, Tel. 061-7875998
Email: jurnal.json@gmail.com