Course Assignment, Criminal Investigation Management - Who When Where Why and How, Case Study: Opening an Encrypted Narcotics Distribution File

Title Course Assignment, Criminal Investigation Management - Who When Where Why and How, Case Study: Opening an Encrypted Narcotics Distribution File
Author Nur Widiyasono
Pages 9



Description

ANALYSIS AND USE OF DIGITAL EVIDENCE (Who, When, Where, Why and How)
CASE STUDY: OPENING AN ENCRYPTED DRUG DELIVERY SCHEDULE FILE
COURSE: CRIMINAL INVESTIGATION MANAGEMENT
Lecturer: Yudi Prayudi, S.Si., M.Kom

NUR WIDIYASONO 12917214

MASTER'S PROGRAM IN INFORMATICS ENGINEERING, FACULTY OF INDUSTRIAL TECHNOLOGY, UNIVERSITAS ISLAM INDONESIA, YOGYAKARTA 2014

Abstract

Conventional crimes such as drug trafficking have begun to migrate to information technology. To evade the authorities / police, various measures are taken, including for information such as drug delivery schedules and lists of dealer contacts in the area concerned. This article takes as its case study a drug delivery schedule file that has been encrypted, and analyses that file to determine its actual contents and the file extension type used, using the software tools WinHex and Kali-Linux Autopsy. Once the file has been opened, a 4W1H analysis (Who, When, Where, Why and How) is carried out.

I. Use of Digital Evidence

The encrypted file is given as follows:

1. Challenge file:

   The Challenge:
   a. The folks from Digital Forensic Research WorkShop have created a unique challenge for you. Your mission is to analyze a recovered floppy and answer the questions below. What makes this challenge unique, you will need to read the police report before continuing your challenge. Just like an investigation in the real world, you will have some background information and some evidence, but it's up to you and your technical skills to dig up the answers. Below is the dd image of the recovered floppy. This is the image that will provide you the answers, providing you can 'extract' the data.

   Questions
   You can find all the criteria for judging and rules at the SotM main page.
   1. Who is Joe Jacob's supplier of marijuana and what is the address listed for the supplier?
   2. What crucial data is available within the coverpage.jpg file and why is this data crucial?
   3. What (if any) other high schools besides Smith Hill does Joe Jacobs frequent?
   4. For each file, what processes were taken by the suspect to mask them from others?
   5. What processes did you (the investigator) use to successfully examine the entire contents of each file?
   Bonus Question:
   6. What Microsoft program was used to create the Cover Page file. What is your proof (Proof is the key to getting this question right, not just making a guess).

2. MD5 file:

   # md5.txt file for Autopsy Forensic Browser
   # Honeynet Scan of the Month
   #
   # MD5_value image
   ac3f7b85816165957cd4867e62cf452b image

3. The answers are:

   a. Jimmy Jungle
      626 Jungle Ave Apt 2
      Jungle, NY 11111

   b. Password (PW) = goodtimes

   c. Schedule.xls -- changed / renamed to 12.zip, using password = goodtimes

      Schools                        Frequency
      Birard High School (D)         12
      Hull High School (F)           10
      Key High School (B)            11
      Leetch High School (C)         11
      Richter High School (E)        11
      Smith Hill High School (A)     11

   d. Using Autopsy or WinHex: the original file Schedule Visits.xls* had been hidden, and analysis of the file size indicated that the file carrying that extension was not what it appeared to be. The original file was hidden inside a file that had been renamed; adding the .rar extension and using the recovered password, goodtimes, opens it.

   e. Several tools were used in this test:
      • Autopsy on Kali Linux / BackTrack
      • Forensic Toolkit (FTK)
      • WinHex on Windows

4. The cover file is:

5. The contents of the second file are:

   Jimmy Jungle
   626 Jungle Ave Apt 2
   Jungle, NY 11111

   Jimmy: Dude, your pot must be the best – it made the cover of High Times Magazine! Thanks for sending me the Cover Page. What do you put in your soil when you plant the marijuana seeds? At least I know your growing it and not some guy in Columbia.

   These kids, they tell me marijuana isn’t addictive, but they don’t stop buying from me. Man, I’m sure glad you told me about targeting the high school students. You must have some experience. It’s like a guaranteed paycheck. Their parents give them money for lunch and they spend it on my stuff. I’m an entrepreneur. Am I only one you sell to? Maybe I can become distributor of the year! I emailed you the schedule that I am using. I think it helps me cover myself and not be predictive. Tell me what you think. To open it, use the same password that you sent me before with that file. Talk to you later. Thanks, Joe

   ----------------------------------------

   The next file found is a *.rar file containing an *.xls file that holds the schedule / activity of deliveries to the schools. This file had previously been camouflaged as another file type, so it had to be renamed back to its original form and opened with the password that had been found.

6. The third file contains the following:

   # md5.txt file for Autopsy Forensic Browser
   # Honeynet Scan of the Month
   #
   # MD5_value image
   ac3f7b85816165957cd4867e62cf452b image

7. With FTK:

The conclusions drawn from this case study are therefore:

a. (Who) The perpetrators are Jimmy Jungle and Joe Jacobs.

b. (When) The delivery times, according to the Excel schedule-of-visits file that was successfully opened (decrypted), are:

Month        DAY              HIGH SCHOOLS
2002 April   Monday (1)       Smith Hill High School (A)
             Tuesday (2)      Key High School (B)
             Wednesday (3)    Leetch High School (C)
             Thursday (4)     Birard High School (D)
             Friday (5)       Richter High School (E)
             Monday (1)       Hull High School (F)
             Tuesday (2)      Smith Hill High School (A)
             Wednesday (3)    Key High School (B)
             Thursday (4)     Leetch High School (C)
             Friday (5)       Birard High School (D)
             Monday (1)       Richter High School (E)
             Tuesday (2)      Hull High School (F)
             Wednesday (3)    Smith Hill High School (A)
             Thursday (4)     Key High School (B)
             Friday (5)       Leetch High School (C)
             Monday (1)       Birard High School (D)
             Tuesday (2)      Richter High School (E)
             Wednesday (3)    Hull High School (F)
             Thursday (4)     Smith Hill High School (A)
             Friday (5)       Key High School (B)
             Monday (1)       Leetch High School (C)
             Tuesday (2)      Birard High School (D)
May          Wednesday (3)    Richter High School (E)
             Thursday (4)     Hull High School (F)
             Friday (5)       Smith Hill High School (A)
             Monday (1)       Key High School (B)
             Tuesday (2)      Leetch High School (C)
             Wednesday (3)    Birard High School (D)
             Thursday (4)     Richter High School (E)
             Friday (5)       Hull High School (F)
             Monday (1)       Smith Hill High School (A)
             Tuesday (2)      Key High School (B)
             Wednesday (3)    Leetch High School (C)
             Thursday (4)     Birard High School (D)
             Friday (5)       Richter High School (E)
             Monday (1)       Hull High School (F)
             Tuesday (2)      Smith Hill High School (A)
             Wednesday (3)    Key High School (B)
             Thursday (4)     Leetch High School (C)
             Friday (5)       Birard High School (D)
             Monday (1)       Richter High School (E)
             Tuesday (2)      Hull High School (F)
             Wednesday (3)    Smith Hill High School (A)
             Thursday (4)     Key High School (B)
             Friday (5)       Leetch High School (C)
June         Monday (1)       Birard High School (D)
             Tuesday (2)      Richter High School (E)
             Wednesday (3)    Hull High School (F)
             Thursday (4)     Smith Hill High School (A)
             Friday (5)       Key High School (B)
             Monday (1)       Leetch High School (C)
             Tuesday (2)      Birard High School (D)
             Wednesday (3)    Richter High School (E)
             Thursday (4)     Hull High School (F)
             Friday (5)       Smith Hill High School (A)
             Monday (1)       Key High School (B)
             Tuesday (2)      Leetch High School (C)
             Wednesday (3)    Birard High School (D)
             Thursday (4)     Richter High School (E)
             Friday (5)       Hull High School (F)
             Monday (1)       Smith Hill High School (A)
             Tuesday (2)      Key High School (B)
             Wednesday (3)    Leetch High School (C)
             Thursday (4)     Birard High School (D)
             Friday (5)       Richter High School (E)

c. (Where) The delivery locations, according to the Excel schedule-of-visits file shown in the table above, are the schools that had become targets for the drug sales.

d. (Why) Judging from the visit schedule in the table above, the drug-user segment is fairly large, and the deliveries are carried out at a fairly high intensity.

e. (How) Before the drugs were delivered, correspondence took place by email, with the attached file encrypted. For people who do not yet understand file encryption/decryption, this would of course be difficult to discover.
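The two checks this case study relies on, confirming the image against the md5.txt listing and spotting a file whose extension does not match its content, as an added example that is not part of the original paper. The sample image bytes, the file names schedule.xls and cover.jpg, and all function names are constructed for illustration.

```python
import hashlib

# Leading "magic" bytes of the formats that appear in this case.
SIGNATURES = {
    b"\xff\xd8\xff": "jpg",
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07": "rar",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",  # legacy .xls/.doc container
}
EXTENSIONS = {"jpg": "jpg", "jpeg": "jpg", "zip": "zip", "rar": "rar",
              "xls": "ole2", "doc": "ole2"}

def parse_md5_list(text):
    """Parse an md5.txt listing: '#' comment lines, then '<md5> <name>' rows."""
    expected = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            expected[parts[1]] = parts[0].lower()
    return expected

def verify_image(name, data, expected):
    """True only if the image's MD5 equals the value listed for it."""
    return hashlib.md5(data).hexdigest() == expected.get(name)

def detect_type(data):
    """Identify content by signature, ignoring whatever the file is called."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def extension_mismatch(filename, data):
    """Return (mismatch, claimed, actual) for a file name and its bytes."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed, actual = EXTENSIONS.get(ext, "unknown"), detect_type(data)
    return claimed != actual, claimed, actual

# Constructed sample data (not the real challenge image or its files).
SAMPLE_IMAGE = b"\xeb\x3c\x90" + b"constructed floppy image" * 4
SAMPLE_MD5_TXT = ("# md5.txt file for Autopsy Forensic Browser\n"
                  "# MD5_value image\n"
                  f"{hashlib.md5(SAMPLE_IMAGE).hexdigest()} image\n")

if __name__ == "__main__":
    listing = parse_md5_list(SAMPLE_MD5_TXT)
    print("image verified:", verify_image("image", SAMPLE_IMAGE, listing))
    print(extension_mismatch("schedule.xls", b"PK\x03\x04" + b"\x00" * 26))
    print(extension_mismatch("cover.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16))
```

A mismatch only flags a file for closer examination; the hash check should pass before any analysis of the image begins.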

II. Summary

In today's drug-trafficking cases, correspondence with customers already makes use of information technology, and the information to be conveyed is first encrypted, which of course makes it difficult for the authorities to detect. Police officers and other competent bodies need to build up their human resources and keep up with developments in information technology, including how to obtain information and digital evidence, so that with such evidence in hand drug trafficking can be prevented as early as possible....

