This research was conducted to investigate evidence of an attack and to restore data after an attacker compromised an Open Journal System (OJS) service on a computer server. The method used in this research is a new approach developed from the Network Forensic Digital Life Cycle (NFDLC) method. This new method, known as KUAD, has several stages for collecting cyber-attack evidence and restoring data after the Gacor attack has occurred. The stages in the KUAD method are initiation, acquisition, execution, mitigation, and disposition. The novelty of this method, compared to the previous one, lies in the inclusion of the mitigation stage, which aims to restore data or documents after an attack. The tool used to detect the attack and find evidence of it is Tripwire, whereas the tools used to restore lost data include crontab, which runs backup commands with rsync in four steps. Tripwire can optimally detect attacks by displaying the number of data entries that were added, deleted, or modified. A total of 15,135 files in .docx, .pdf, and .jpg formats, deleted by the attacker, were successfully restored using this backup technique. The success rate of using this technique for post-cyber-attack mitigation reached 100%.
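The detect-then-restore flow described above, as an added example that is not code from the paper: a hash baseline stands in for Tripwire's added/deleted/modified report, and a file copy from a backup mirror stands in for the scheduled rsync backup. All function names, paths and file contents are hypothetical and constructed for the illustration.

```python
import hashlib, shutil, tempfile
from pathlib import Path

def snapshot(root):
    """Map each file's relative path to its SHA-256 digest (the integrity baseline)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(baseline, current):
    """Classify changes the way an integrity report does: added, deleted, modified."""
    added = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(k for k in baseline.keys() & current.keys() if baseline[k] != current[k])
    return {"added": added, "deleted": deleted, "modified": modified}

def restore(report, backup, live):
    """Mitigation: copy deleted and modified files back from the backup mirror.
    Files reported as added are left in place as evidence for the examiner."""
    restored = []
    for rel in report["deleted"] + report["modified"]:
        src, dst = Path(backup) / rel, Path(live) / rel
        if src.is_file():  # only restore what the backup actually holds
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, dst)
            restored.append(rel)
    return sorted(restored)

def demo():
    """Constructed scenario: a small journal upload tree, its backup, then tampering."""
    work = Path(tempfile.mkdtemp())
    live, backup = work / "live", work / "backup"
    files = {"articles/1/paper.pdf": b"%PDF-1.4 original",
             "articles/1/draft.docx": b"docx-bytes", "public/cover.jpg": b"jpeg-bytes"}
    for rel, data in files.items():
        (live / rel).parent.mkdir(parents=True, exist_ok=True)
        (live / rel).write_bytes(data)
    shutil.copytree(live, backup)            # stands in for the scheduled backup
    baseline = snapshot(live)                # taken while the tree is known-good
    (live / "articles/1/draft.docx").unlink()                 # deleted
    (live / "public/cover.jpg").write_bytes(b"defaced")       # modified
    (live / "public/promo.html").write_text("injected page")  # added
    report = compare(baseline, snapshot(live))
    restored = restore(report, backup, live)
    after = compare(baseline, snapshot(live))  # re-check integrity after mitigation
    shutil.rmtree(work)
    return report, restored, after

if __name__ == "__main__":
    print(demo())
```

The second comparison after restoration is what supports a success-rate figure: the deleted and modified lists must be empty, while anything still listed as added remains for evidence handling.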
Copyrights © 2025