Prada, Java Kanaya (2025) Rekonstruksi Forensik Pada Sistem Operasi Linux Berbasis Serialisasi Data YAML. Other thesis, Institut Teknologi Sepuluh Nopember.
![[thumbnail of 5025211112-Undergraduate_Thesis.pdf]](http://repository.its.ac.id/style/images/fileicons/text.png) |
Text
5025211112-Undergraduate_Thesis.pdf - Accepted Version Restricted to Repository staff only Download (1MB) | Request a copy |
Abstract
Pertumbuhan penggunaan sistem digital berbanding lurus dengan meningkatnya ancaman kejahatan siber, yang mendorong perlunya metode forensik digital yang efisien dan terstandardisasi. Penelitian ini mengusulkan metode rekonstruksi kejadian digital berbasis lini masa dengan memanfaatkan file YAML sebagai deskriptor standar untuk mendefinisikan aktivitas yang akan direkonstruksi. Pendekatan ini bertujuan untuk mengatasi keterbatasan metode sebelumnya yang bergantung pada skrip spesifik untuk setiap pola kejadian. Dalam penelitian ini dikembangkan sebuah program berbasis Command-Line Interface (CLI) yang menerima input berupa hasil ekstraksi log dari Plaso/log2timeline, serta file aturan dalam format YAML yang mengacu pada struktur aturan Sigma. Setiap aturan YAML dianalisis dan dicocokkan dengan low-level event untuk menghasilkan high-level event yang lebih bermakna dan mudah dipahami. program diuji menggunakan sembilan skenario aktivitas pada sistem operasi Linux Ubuntu, dan berhasil menghasilkan high-level timeline dalam format JSON. Hasil pengujian menunjukkan bahwa program mampu melakukan rekonstruksi dengan menyaring lebih dari satu juta entri log mentah menjadi ribuan high-level event yang relevan terhadap aturan yang diberikan. Selain itu, program juga kompatibel dengan aturan dari repositori SigmaHQ tanpa perlu modifikasi. Penelitian ini membuktikan bahwa penggunaan YAML sebagai format aturan dapat meningkatkan efisiensi dan fleksibilitas dalam proses rekonstruksi forensik digital.
====================================================================================================================================
The growing use of digital systems is in line with the increasing threat of cybercrime, which drives the need for efficient and standardized digital forensics methods. This research proposes a timeline-based digital event reconstruction method by utilizing YAML files as standardized descriptors to define the activities to be reconstructed. This approach aims to overcome the limitations of previous methods that rely on specific scripts for each event pattern. In this research, a Command-Line Interface (CLI) based program is developed that accepts input in the form of log extraction results from Plaso/log2timeline, as well as rule files in YAML format that refer to the Sigma rule structure. Each YAML rule is analyzed and matched with low-level events to produce high-level events that are more meaningful and easy to understand. The program was tested using nine activity scenarios on the Linux Ubuntu operating system, and successfully generated a high-level timeline in JSON format. The test results show that the program is able to perform reconstruction by filtering more than one million raw log entries into thousands of high-level events that are relevant to the given rules. In addition, the program is also compatible with rules from the Sigma repository without the need for modification. This research proves that using YAML as a rule format can increase efficiency and flexibility in the digital forensic reconstruction process.
| Item Type: | Thesis (Other) |
|---|---|
| Uncontrolled Keywords: | Forensik Digital, Rekonstruksi Kejadian Forensik, Analisis Lini Masa Forensik, YAML, Aturan Sigma, Digital Forensics, Forensic Event Reconstruction, Forensic Timeline Analysis, YAML, Sigma Rules. |
| Subjects: | T Technology > T Technology (General) T Technology > T Technology (General) > T58.5 Information technology. IT--Auditing |
| Divisions: | Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Informatics Engineering > 55201-(S1) Undergraduate Thesis |
| Depositing User: | Java Kanaya Prada |
| Date Deposited: | 17 Jul 2025 07:57 |
| Last Modified: | 17 Jul 2025 07:57 |
| URI: | http://repository.its.ac.id/id/eprint/119916 |
Actions (login required)
 |
View Item |