Romadhona, Frendi Yusroni
Unknown Affiliation

Published: 1 document

Real-time Forensic Reconstruction of IPv6 NA Flood Attacks: A D4I Approach
Authors: Romadhona, Frendi Yusroni; Luthfi, Ahmad
Jurnal Sains, Nalar, dan Aplikasi Teknologi Informasi Vol. 5 No. 1 (2026)
Publisher: Department of Informatics, Universitas Islam Indonesia

DOI: 10.20885/snati.v5.i1.45526

Abstract

The global transition to IPv6 has introduced new attack surfaces within core network protocols, particularly the Neighbor Discovery Protocol (NDP). One of the most critical yet often overlooked threats is the Neighbor Advertisement (NA) Flood attack. Unlike conventional volumetric DDoS attacks aimed at saturating network bandwidth, NA Flood exploits the Stateless Address Autoconfiguration (SLAAC) mechanism to trigger resource exhaustion on target devices. Investigating such incidents presents unique forensic challenges, as attack traces in volatile memory are often lost when using traditional dead forensics methods. This study implements a real-time forensic investigation approach by integrating Live Forensics methods with the Digital Forensic Framework for Reviewing and Investigating Cyber Attack (D4I). This method is applied to acquire crucial volatile artifacts during the attack and reconstruct the modus operandi through Cyber Kill Chain (CKC) mapping and Chain of Artifacts (CoA) construction. Experimental results demonstrate that NA Flood attacks possess dangerous asymmetric characteristics: generating low network traffic (4.71 Mbps) while causing a CPU surge of up to 50% and a memory increase of 89.5 MB on the target server. The novelty of this study lies in the integration of Live Forensics with the D4I framework to acquire volatile data in real-time and systematically transform raw artifacts into a comprehensive forensic conclusion. This approach successfully reconstructs the 5W1H (Who, What, Where, When, Why, How) elements of the incident and visualizes the shift of the point of failure from the network infrastructure to the endpoint, offering a robust model for investigating protocol-based resource exhaustion attacks.