Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control
Vol. 6, No. 2, May 2021

Network Forensics Against Ryuk Ransomware Using Trigger, Acquire, Analysis, Report, and Action (TAARA) Method

Ridho Surya Kusuma (Universitas Ahmad Dahlan)
Rusydi Umar (Universitas Ahmad Dahlan)
Imam Riadi (Universitas Ahmad Dahlan)



Article Info

Publish Date
31 May 2021

Abstract

This study aims to reconstruct an attack event and analyze the source of viral infection based on network traffic logs, so that the information obtained can be used as a new reference for the security system. Recent attacks on computer network systems cannot be easily detected, as cybercriminals have used a variant of the Ryuk ransomware virus to penetrate security systems and encrypt drives and computer network resources. This virus is very destructive and has an effective design, with a file size of about 200,487 bytes, so it does not look suspicious. The research follows the Trigger, Acquire, Analysis, Report, and Action (TAARA) steps. The forensic tools used to obtain log data are Wireshark, NetworkMiner, and TCPDUMP. The forensic data obtained include a timestamp, the source of the attack, IP address, MAC address, SHA-256 hash signature, internet protocol, and the process of infection. The data obtained in this study are in accordance with the expected objectives.

Copyrights © 2021






Journal Info

Abbrev

kinetik

Subject

Computer Science & IT Control & Systems Engineering Electrical & Electronics Engineering Energy Engineering

Description

Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control was published by Universitas Muhammadiyah Malang. The journal is an open access journal in the field of Informatics and Electrical Engineering. This journal is available for researchers who want to improve ...