Digital Forensic Analysis of Volatile Memory to Obtain the Encryption Key of the Dm-Crypt Application

Authors

  • Vipkas Al Hadid Firdaus, Politeknik Negeri Malang, Malang
  • Dodit Suprianto, Politeknik Negeri Malang, Malang
  • Rini Agustina, Universitas Kanjuruhan Malang, Malang

DOI:

https://doi.org/10.30865/json.v2i3.2998

Keywords:

Computer Forensic, Disk Encryption, Digital Forensic, Dm-Crypt, Live Forensic Acquisition

Abstract

Disk encryption is a very useful technology for securing data. On the other hand, criminals can use disk encryption to hide digital evidence. The information on the disk is very useful to an investigation, but if the disk of the computer held as evidence is encrypted, the investigation is hampered. This is a challenge for cybercrime investigators, who must find the disk encryption key, especially when the perpetrator does not cooperate with the investigation. Analysing a memory image to obtain the encryption key helps the investigation. All activity on the evidence computer is recorded in memory, so the decryption keys can be recovered from a live memory dump of that computer. This paper discusses forensic analysis to obtain the disk encryption key of dm-crypt, which is used to encrypt disks on the Linux operating system, and proves that the dm-crypt disk encryption key can be found through forensic analysis of a live memory dump image, with a success percentage of 80%. The research in this paper focuses on the Linux operating system with dm-crypt used for full disk encryption.

Published

2021-05-30

How to Cite

Firdaus, V. A. H., Suprianto, D., & Agustina, R. (2021). Analisis Forensik Digital Memori Volatile untuk Mendapatkan Kunci Enkripsi Aplikasi Dm-Crypt. Jurnal Sistem Komputer Dan Informatika (JSON), 2(3), 283–288. https://doi.org/10.30865/json.v2i3.2998

Section

Articles