Investigation Report: paul_dotcom
INVESTIGATION REPORT
“The Missing of PaulDotCom”
Forensic Examiners:
Name/Student ID : Galih Dian Khresna / 12523170
Name/Student ID : Nabil Muhammad Firdaus / 13523198
DEPARTMENT OF INFORMATICS ENGINEERING
FACULTY OF INDUSTRIAL TECHNOLOGY
UNIVERSITAS ISLAM INDONESIA
Kampus Terpadu UII, Jl. Kaliurang Km. 14,5 – Yogyakarta (55584)
Table of Contents
Case Identity
  Case Description
  File Details
  Requested Information
Analysis Process
Analysis Results
Case Identity
Case Description
“Oh god” is the first thought running through your mind as you crack open the
door. An odious wafting of day old vomit, sweat, and stale cigar washes across
you as the door moves from cracked to ajar. The room is pitch black, a dirty and
exposed hallway light bulb does nothing to cut into the dark abyss of the room.
Peering inside you see only shapes, but deep down you know it isn’t going to be
pretty. It’s been three weeks since the PaulDotCom crew went missing. Through
extensive research and cyberstalking, millions of PDC fans gathered information
relating to their disappearance and hired you to find them. This is John Strand’s
safe house, and a quick Google image search was all you needed to know about
his seedy life. Who knows what’s in this room? Donning rubber gloves you feel
for a light switch with your left hand, both intensely afraid and curious for what
you are about to see. Wincing in anticipation you flick the switch with a click.
Nothing happens. “Why do I always get the messed up jobs” you whisper to
yourself, digging around in your black bag. Corporate espionage isn’t a clean
game, but usually the tech jobs involve threatening geeks in suburban houses, not
sneaking around what looks to be North Dakotan project housing. Pulling a sleek
Pelican flashlight from the bag, you click it on and begin to survey the damage.
Starting from the left you identify the location of the puke smell; there’s day old
vomit trailing its way down peeling wallpaper toward a box of empty tequila
bottles. Smell one located. Further to the right you spot a human shape on a couch.
You freeze with the flashlight beam aimed at the shape. It’s Larry, wrapped in
a dirty pink blanket almost too small to cover him, rocking back and forth and
muttering something unintelligible. What’s he saying? You suspect it’s key.
His fingers are pale as he grips a WRT54G router which appears to have twenty-
four overlapping bites taken out of it. Seconds tick by. Nothing happens; he pays
no attention to your entry. Smells two and three probably located. Your light
continues its sweep as you spot a table hosting two monitors surrounded by
miscellaneous cables. Jackpot. Ignoring the rest of the room you step over martini
glasses and other unidentified objects, making a beeline to the desk. The little
voice in your head shouts “Damn! Damn! Damn!” There is evidence that
someone left only recently. The scene is almost out of a second rate Hollywood
movie, being so incredibly obvious: a puddle of spilled cosmopolitan makes
apparent the distinct outlines where a laptop and external hard drive once sat.
Disheartened, you rummage through the desk, hopeful of finding a forgotten USB
drive or other storage device. No dice. You slide a few sticky quarters off of the
desk (it’s not like you’re getting a per-diem) and continue the search – wait. One
of the quarters… splits a little. You pick it up and play with it. Voilà! A small
micro SDHC card lies inside the quarter. Your heart starts beating faster. You
have a clue. As a matter of habit you go through the rest of the room, quietly, as
the eerie sound of Larry chanting in the background never stops. Old coffee mugs,
a dirty microwave, hundreds of empty frozen food wrappers, and magnetic
buckyballs cover the floor like a sort of 21st century urban underbrush and then
you see something peculiar. A stack of hard drives sits in the corner. The top drive
looks like someone shot it 7 or 8 times, a strange method for data destruction, but
certainly an effective one. Rummaging through the stack of drives you find one at
the bottom looking as if it survived the data massacre. Grabbing it, you give one
last look around as you walk to the door. The sounds of Larry go from muffled to
silent as you shut the door and make your exit.
File Details
The details of the file quarter-SDHC-snippet.dd are as follows:
Name : quarter-SDHC-snippet.dd
Type : Raw Image
Size : 27.3 MB
Modified : Thursday, 31 May 2012 at 12:35
Requested Information
The evidence, in the form of this raw image, was submitted for examination and analysis in order to obtain the following information:
1. In the conversation with junirkeyy, what age does Larry state the first time?
2. What is the name of the file that has this SHA256sum: e56931935bc60ac4c994eabd89b003a7ae221d941f1b026b05a7947a48dc9366
3. What is the SHA256sum of the photo, obtained from the evidence, that shows Larry biting the router?
4. What is the SHA256sum of the photo that shows Larry as a zombie biting a cat?
5. What does Larry say backwards, over and over?
6. Where are Paul and John? Give the coordinates as GPS longitude and latitude.
Analysis Process
The analysis of the evidence file “quarter-SDHC-snippet.dd” proceeded as follows:
1. Using Autopsy, create a new case; enter the case name, case description
and investigator name.
2. Then add a host. Enter the host name, host description and time zone.
3. Then add the image file of the evidence described above, namely
“quarter-SDHC-snippet.dd”.
4. Then begin the analysis.
5. Because the image contains pictures that have been deleted, which are
marked in red, we can recover them with a tool called foremost. After the
recovery has run, the recovered files can be found in the output folder.
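Added example (not part of the original report and not foremost's own code): the header/footer carving idea behind step 5, followed by the hash lookup needed for requested item 2. The image bytes are constructed sample data, the function names are hypothetical, and naming carved files after their 512-byte sector offset is an assumption modelled on recovered names such as 00039616.jpg.

```python
import hashlib

SECTOR = 512
JPEG_SOI = b"\xff\xd8\xff"   # start-of-image marker plus first byte of the next marker
JPEG_EOI = b"\xff\xd9"       # end-of-image marker


def carve_jpegs(image: bytes, max_len: int = 20 * 1024 * 1024) -> dict:
    """Return {name: data} for each sector-aligned JPEG header that has a footer.

    Deleted files keep their bytes until overwritten, so signatures can be
    found without any file-system metadata. Limitation: stopping at the first
    EOI truncates real photos that embed a thumbnail with its own EOI.
    """
    carved = {}
    for off in range(0, len(image), SECTOR):
        if image[off:off + 3] != JPEG_SOI:
            continue
        end = image.find(JPEG_EOI, off + 3, off + max_len)
        if end == -1:
            continue  # header without footer: truncated or overwritten data
        carved[f"{off // SECTOR:08d}.jpg"] = image[off:end + 2]
    return carved


def find_by_sha256(files: dict, wanted: str) -> list:
    """Names of carved files whose SHA-256 equals the requested digest."""
    wanted = wanted.strip().lower()
    return [n for n, d in files.items()
            if hashlib.sha256(d).hexdigest() == wanted]


def build_sample_image() -> tuple:
    """Constructed data: two fake JPEG byte runs inside a zero-filled image."""
    pic_a = JPEG_SOI + b"\xe0" + b"A" * 700 + JPEG_EOI
    pic_b = JPEG_SOI + b"\xe1" + b"B" * 100 + JPEG_EOI
    image = bytearray(SECTOR * 16)
    image[3 * SECTOR:3 * SECTOR + len(pic_a)] = pic_a
    image[9 * SECTOR:9 * SECTOR + len(pic_b)] = pic_b
    return bytes(image), pic_a, pic_b


if __name__ == "__main__":
    image, pic_a, pic_b = build_sample_image()
    recovered = carve_jpegs(image)
    for name, data in recovered.items():
        print(name, hashlib.sha256(data).hexdigest())
    print("match:", find_by_sha256(recovered, hashlib.sha256(pic_b).hexdigest()))
```

Hashing every recovered file and comparing against the requested digest ties a carved name back to a known file even though the original file name is not available from carving alone.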
Analysis Results
From the analysis carried out above, the following results were obtained for
the requested information:
1. The age Larry states the first time is 4 years.
2. The file with the requested SHA256sum is 00039616.jpg among the
recovered files; its original file name is superstrand.jpg.
3. The SHA256sum of the photo that shows Larry biting a router is:
e4e2fac9fc41546239d4e534bfe6588e4796f3799befc09b2787f5ad6c75faca
1bdfd9d7445d38fdb7ba5acbb58669cf31c7c568c7aa6e6fcf0c961628f4c32e
4. The SHA256sum of the photo that shows Larry biting a cat is:
9c0a8bc6c3baa2ad7f390ef4e41c3edf3d98a543f492afb50a4bab8700af5766