LAPORAN

INVESTIGASI”The Missing of PaulDotCom”

Pemeriksa Forensic :

Nama/NIM : Galih Dian Khresna / 12523170

Nama/NIM : Nabil Muhammad Firdaus / 13523198

JURUSAN TEKNIK INFORMATIKAFAKULTAS TEKNOLOGI INDUSTRIUNIVERSITAS ISLAM INDONESIAKampus Terpadu UII Jl. Kaliurang Km. 14,5 – Yogyakarta (55584)

2

“The Missing of PaulDotCom”

3

Daftar Isi

Daftar Isi...................................................................................................................3

Identitas Kasus......................................................................................................... 4

Deskripsi Kasus....................................................................................................4

Detail File.............................................................................................................5

Informasi yang diinginkan................................................................................... 6

Proses Analisis......................................................................................................... 7

Hasil Analisis......................................................................................................... 10

4

Identitas Kasus

Deskripsi Kasus

Oh god ” is the first thought running through your mind as you crack open the

door. An odious wafting of day old vomit, sweat, and stale cigar washes across

you as the door moves from cracked to ajar. The room is pitch black, a dirty and

exposed hallway light bulb does nothing to cut into the dark abyss of the room.

Peering inside you see only shapes, but deep down you know it isn’t going to be

pretty. It’s been three weeks since the PaulDotCom crew went missing. Through

extensive research and cyberstalking, millions of PDC fans gathered information

relating to their disappearance and hired you to find them. This is John Strand’s

safe house, and a quick Google image search was all you needed to know about

his seedy life. Who knows what’s in this room? Donning rubber gloves you feel

for a light switch with your left hand, both intensely afraid and curious for what

you are about to see. Wincing in anticipation you flick the switch with a click.

Nothing happens. “Why do I always get the messed up jobs ” you whisper to

yourself, digging around in your black bag. Corporate espionage isn ’ t a clean

game, but usually the tech jobs involve threatening geeks in suburban houses, not

sneaking around what looks to be North Dakotan project housing. Pulling a sleek

Pelican flashlight from the bag, you click it on and begin to survey the damage.

Starting from the left you identify the location of the puke smell; there’s day old

vomit trailing its way down peeling wallpaper toward a box of empty tequila

bottles. Smell one located. Further to the right you spot a human shape on a couch.

You freeze with the flashlight beam aimed at the shape. It’s Larry, wrapped in

a dirty pink blanket almost too small to cover him, rocking back and forth and

muttering something unintelligible. What’s he saying? You suspect it’s key.

His fingers are pale as he grips a WRT54G router which appears to have twenty-

four overlapping bites taken out of it. Seconds tick by. Nothing happens; he pays

5

no attention to your entry. Smells two and three probably located. Your light

continues its sweep as you spot a table hosting two monitors surrounded by

miscellaneous cables. Jackpot. Ignoring the rest of the room you step over martini

glasses and other unidentified objects, making a beeline to the desk. The little

voice in your head shouts “ Damn! Damn! Damn! ” There is evidence that

someone left only recently. The scene is almost out of a second rate Hollywood

movie, being so incredibly obvious:a puddle of spilled cosmopolitan makes

apparent the distinct outlines where a laptop and external hard drive once sat.

Disheartened, you rummage though the desk, hopeful of finding a forgotten USB

drive or other storage device. No dice. You slide a few sticky quarters off of the

desk (it’s not like you’re getting a per-diem) and continue the search– wait. One

of the quarters†¦ splits a little. You pick it up and play with it. Viola! A small

micro SDHC card lies inside the quarter. Your heart starts beating faster. You

have a clue. As a matter of habit you go through the rest of the room, quietly, as

the eerie sound of Larry chanting in the background never stops. Old coffee mugs,

a dirty microwave, hundreds of empty frozen food wrappers, and magnetic

buckyballs cover the floor like a sort of 21st century urban underbrush and then

you see something peculiar. A stack of hard drives sits in the corner. The top drive

looks like someone shot it 7 or 8 times, a strange method for data destruction, but

certainly an effective one. Rummaging through the stack of drives you find one at

the bottom looking as if it survived the data massacre. Grabbing it, you give one

last look around as you walk to the door. The sounds of Larry go from muffled to

silent as you shut the door and make your exit.

Detail FileDetail mengenai file quarter-SDHC-snippet.dd adalah sebagai berikut:

Nama : quarter-SDHC-snippet.dd

Tipe : Raw Image

Ukuran : 27,3 MB

Modifikasi : Kamis, 31 Mei 2012 pukul 12:35

6

Informasi yang diinginkan

Barang bukti berupa raw image tersebut, diminta untuk diperiksa dan dianalisissehingga didapatkan informasi sebagai berikut:

1. Di percakapan dengan junirkeyy, berapa umur Larry yang diucapkannya pertama kali?

2. Apa nama file yang mempunyai SHA256sum ini :e56931935bc60ac4c994eabd89b003a7ae221d941f1b026b05a7947a48dc9366

3. Berapa SHA256sum dari foto yang diperoleh dari barang bukti yangmenunjukkan Larry sedang menggigit Router?

4. Berapa SHA256sum dari foto yang menunjukkan Larry menjadizombie dengan menggigit kucing?

5. Apa yang Larry katakan secara terbalik dan terus-menerus?

6. Dimana Paul dan John? Tunjukkan koordinat berupa longitude danlatitude GPS.

Proses Analisis

Proses analisis barang bukti berupa file “quarter-SDHC-snippet.dd” adalah

sebagai berikut :

1. Dengan menggunakan Autopsy, buat sebuah kasus baru, masukkan

nama kasus, deskripsi kasus dan nama investigator.

2. Kemudian tambahkan sebuah host. Masukkan nama host, deskripsi host

dan time zone.

8

3. Kemudian tambahkan file image dari barang bukti sebelumnya, yaitu

file “quarter-SDHC-snippet.dd”.

4. Kemudian mulai lakukan analisis.

9

5. Karena disana terdapat gambar yang sudah terhapus, yaitu ditandai

dengan warna merah, kita dapat melakukan recovery dengan

menggunakan tools bernama foremost. Setelah dilakukan recovery,

maka hasil recovery dapat dilihat di folder output.

Hasil Analisis

Dari proses analisis yang telah dilakukan diatas, maka berikut hasil yang

didapatkan sesuai dengan informasi yang diminta :

1. Umur dari Larry yang diucapkan pertama kali yaitu 4 tahun.

2. Nama file yang mempunyai SHA256sum yang diminta yaitu 00039616.jpg

dari file hasil recovery atau nama file aslinya yaitu superstrand.jpg

11

3. SHA256sum dari foto yang menunjukkan Larry sedang menggigit sebuah

router yaitu

e4e2fac9fc41546239d4e534bfe6588e4796f3799befc09b2787f5ad6c75faca

1bdfd9d7445d38fdb7ba5acbb58669cf31c7c568c7aa6e6fcf0c961628f4c32e

12

4. SHA256sum dari foto yang menunjukkan Larry sedang menggigit sebuah

kucing yaitu

9c0a8bc6c3baa2ad7f390ef4e41c3edf3d98a543f492afb50a4bab8700af5766