Summary: Network forensics is a computer security investigation that finds the sources of
attacks on a network by examining log evidence and by identifying, analyzing and
reconstructing the incidents. This research was conducted at the Center of
Information System and Communication Service, Gadjah Mada University.
The method used was the Forensic Process Model, a model of the
digital investigation process consisting of collection, examination, analysis, and
reporting. The research was conducted over five months using data
collected from the Snort Intrusion Detection System (IDS). Several log files
were retrieved and merged into a single log file, and the data was then cleaned to
make it suitable for the research.
The research found 68 IP addresses that carried out an illegal action,
SQL injection, against the server www.ugm.ac.id. Most of the attackers used Havij and
SQLmap (automated tools for exploiting vulnerabilities on a website). In addition,
there was also a Python script that originated from the continent of Europe, in
Romania.
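
The merge-and-clean step and the per-source count described in the summary can be sketched as follows. This is an added example, not code from the research: it assumes Snort's "fast" alert text format and a rule message containing "sql injection", and the sample lines are constructed with documentation IP addresses and made-up SIDs.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed input: Snort "fast" alert lines (the summary does not name the log format).
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{\w+\}\s+"
    r"(?P<src>\d+(?:\.\d+){3})(?::\d+)?\s+->\s+(?P<dst>\d+(?:\.\d+){3})(?::\d+)?\s*$"
)

# Constructed sample logs: documentation IP ranges, made-up SIDs and messages.
LOG_A = """\
03/01-10:15:02.120000  [**] [1:1000001:1] SQL injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.7:51122 -> 192.0.2.10:80
03/01-10:15:03.450000  [**] [1:1000002:1] ICMP ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10
truncated line left by an interrupted write
"""
LOG_B = """\
03/01-10:15:02.120000  [**] [1:1000001:1] SQL injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.7:51122 -> 192.0.2.10:80
03/01-09:59:40.000100  [**] [1:1000001:1] SQL injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.44:40210 -> 192.0.2.10:80
03/02-01:00:00.000000  [**] [1:1000001:1] SQL injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.7:51300 -> 192.0.2.10:80
03/02-01:05:00.000000  [**] [1:1000001:1] SQL injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.44:40999 -> 192.0.2.99:80
"""


def merge_and_clean(*logs):
    """Merge log texts, drop unparseable and duplicate lines, sort by time."""
    seen, records = set(), []
    for text in logs:
        for s in map(str.strip, text.splitlines()):
            m = ALERT_RE.match(s)
            if not m or s in seen:
                continue
            seen.add(s)
            rec = m.groupdict()
            # Fast alerts carry no year, so this ordering assumes one calendar year.
            rec["when"] = datetime.strptime(rec["ts"], "%m/%d-%H:%M:%S.%f")
            records.append(rec)
    return sorted(records, key=lambda r: r["when"])


def sqli_sources(records, server_ip, keyword="sql injection"):
    """Count alerts per source IP for one server; keyword match is an assumed rule naming."""
    return Counter(r["src"] for r in records
                   if r["dst"] == server_ip and keyword in r["msg"].lower())


if __name__ == "__main__":
    print(sqli_sources(merge_and_clean(LOG_A, LOG_B), "192.0.2.10").most_common())
```

The number of keys in the returned counter is the count of distinct source addresses, the same kind of figure the summary reports for www.ugm.ac.id.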