Forensic Analysis of Podman Containers Against a Metasploit Backdoor Using Checkpointctl
DOI: https://doi.org/10.26623/transformatika.v21i2.8109
Keywords: Forensics, Containers, Podman, Checkpoint, NIST
Abstract
Container systems are a type of virtualization technology that runs workloads in an isolated environment. That isolation does not make cyber attacks on a container impossible. In this research, a container in which a cyber incident had occurred was examined forensically through the container's memory in order to obtain digital evidence. The forensic process follows the NIST framework with the stages of collection, examination, analysis and reporting. It begins by checkpointing the container to obtain the information held in the container's memory. In Podman, the checkpoint is taken on one of the containers and produces a .tar.gz file that contains the container's state. After the checkpoint is complete, forensics proceeds by reading the checkpoint file with a tool called checkpointctl. The forensic results showed that the container was running a malicious program in the form of a backdoor with a PHP extension.
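As an added illustration of the collection and examination stages described above (this is not the paper's code, nor part of Podman or checkpointctl), the script below hashes a Podman checkpoint export for chain of custody, records the container identity from it, and lists files changed in the container's writable layer, flagging those with a PHP extension. It assumes the export layout has `config.dump`, `spec.dump` and `rootfs-diff.tar` at the top level; the archive it examines is constructed inline, so it runs offline.

```python
import hashlib
import io
import json
import tarfile


def _add(tar: tarfile.TarFile, name: str, data: bytes) -> None:
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def build_sample_checkpoint() -> bytes:
    """Constructed sample, not a real capture: a minimal Podman-style checkpoint export."""
    diff = io.BytesIO()
    with tarfile.open(fileobj=diff, mode="w") as t:          # files changed in the writable layer
        _add(t, "var/www/html/index.php", b"<?php echo 'ok';")
        _add(t, "var/www/html/shell.php", b"<?php /* constructed sample */")
        _add(t, "var/log/apache2/access.log", b"GET /shell.php HTTP/1.1\n")
    config = {"id": "deadbeef", "name": "web", "rootfsImageName": "docker.io/library/php:8-apache"}
    spec = {"process": {"args": ["apache2-foreground"]}}
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w:gz") as t:
        _add(t, "config.dump", json.dumps(config).encode())
        _add(t, "spec.dump", json.dumps(spec).encode())
        _add(t, "rootfs-diff.tar", diff.getvalue())
    return out.getvalue()


def triage_checkpoint(archive: bytes, suspicious_ext=(".php",)) -> dict:
    """Collection: hash the evidence. Examination: identify the container and list
    changed files, flagging extensions the analyst wants to review (here .php)."""
    report = {"sha256": hashlib.sha256(archive).hexdigest(), "members": [],
              "changed_files": [], "flagged": []}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as t:
        for m in t.getmembers():
            report["members"].append(m.name)
            if m.name == "config.dump":
                cfg = json.load(t.extractfile(m))
                report["container"] = {k: cfg.get(k) for k in ("id", "name", "rootfsImageName")}
            elif m.name == "spec.dump":
                report["entrypoint"] = json.load(t.extractfile(m)).get("process", {}).get("args")
            elif m.name == "rootfs-diff.tar":
                inner = io.BytesIO(t.extractfile(m).read())  # read fully; nested tar is uncompressed
                with tarfile.open(fileobj=inner, mode="r:") as diff:
                    report["changed_files"] = [d.name for d in diff.getmembers()]
                    report["flagged"] = [n for n in report["changed_files"] if n.endswith(suspicious_ext)]
    return report


if __name__ == "__main__":
    print(json.dumps(triage_checkpoint(build_sample_checkpoint()), indent=2))
```

Process-level evidence (the running backdoor process itself) still comes from reading the CRIU images with checkpointctl; this script only covers the archive-level steps.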
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
Transformatika is licensed under a Creative Commons Attribution 4.0 International License.