LAPORAN WORKSHOP

PETA 2015
NETWORK SECURTY SYSTEM
DAN
DIGITAL FORENSIK
Oleh :
Nama : Robby Iswanto Purtono
NPM : 137006169

LABORATORIUM INFORMATIKA
JURUSAN TEKNIK INFORMATIKA
FAKULTAS TEKNIK UNIVERSITAS SILIWANGI
TASIKMALAYA
TAHUN
2015

Monitoring Network
Wireshark-win32-1.12.4
Challenge Case01
Ann and Mr. X have set up their new base of operations. While waiting for
the extradition
paperwork to go through, you and your team of investigators covertly
monitor her activity.
Recently, Ann got a brand new AppleTV, and configured it with the static IP
address
192.168.1.10. Here is the packet capture with her latest activity.

You are the forensic investigator. Your mission is to find out what Ann
searched for, build a
profile of her interests, and recover evidence including:
1. What is the MAC address of Anns AppleTV?
Jawaban : 00:25:00:fe:07:c4

Analisis : MAC Address dapat kita temukan dari protocol DNS

dimana MAC Address ada dalam bagian Ethernet II.
2. What User-Agent string did Anns AppleTV use in HTTP requests?
Jawaban : AppleTV/2.4

Analisis : user-agent dapat di temukan dalam protocol http pada

GET dimana data yg diterima dari server.
3. What were Anns first four search terms on the AppleTV (all
incremental searches count)?
Jawaban : HACK

Analisis : di dapat dengan cara memilah data dengan menggunakan

ip.src==192.168.1.10&&http kemudian klik info agar data
tersusun.kemudian cari data yang terdapa serch yang
diinginkan pada info yang ada.
4. What was the title of the first movie Ann clicked on?
Jawaban : Hackers

Analisis : di dapat dengan cara memilah data dengan menggunakan

ip.src==192.168.1.10&&http kemudian klik info agar data
tersusun.kemudian cari data dari GET yang artinya data
yang di terima dari server.cari video yang pertama di clik.
5. What was the full URL to the movie trailer (defined by preview-url)?
http://a1738.v.apple.com/us/r1000/011/video/7f/9d/ce/mzm.gbctwmnq..64
0x352.h2641c.d2.p.m4v

6. What was the title of the second movie Ann clicked on?
Jawaban : Sneakers

7. What was the price to buy it (defined by price-display)?

Jawaban : $9.99

Analisis : data ini di dapat dari line number 1186.line tersebut di

double clik kemudian muncul lembar kerja dan data ada di
dalamnya .
8. What was the last full term Ann searched for?
Jawaban : I know you are whaching me

Challenge case02
Anarchy-R-Us, Inc. suspects that one of their employees, Ann Dercover, is
really a secret agent
working for their competitor. Ann has access to the companys prize asset,
the secret recipe.
Security staff are worried that Ann may try to leak the companys secret
recipe.
Security staff have been monitoring Anns activity for some time, but havent
found anything
suspicious until now. Today an unexpected laptop briefly appeared on the
company wireless
network. Staff hypothesize it may have been someone in the parking lot,
because no strangers
were seen in the building. Anns computer, (192.168.1.158) sent IMs over
the wireless network
to this computer. The rogue laptop disappeared shortly thereafter.
We have a packet capture of the activity, said security staff, but we cant
figure out whats
going on. Can you help?

You are the forensic investigator. Your mission is to figure out who Ann was
IM-ing, what she
sent, and recover evidence including:
1. What is the name of Anns IM buddy?
Jawaban : ec558user1

Analisis : data di ambil dari line 23,dimana dalam flow dapat dilihat
data tersebut berada

2. What was the first comment in the captured IM conversation?

Jawaban : Here's the secret recipe... I just downloaded it from the file
server. Just copy to a thumb drive and you're good to go

3. What is the name of the file Ann transferred?

Jawaban : recipe.docx

4. What is the magic number of the file you want to extract (first four
bytes)?
Jawaban : 50 4b 03 04

Analisis : buka flow untuk line 129.megic number terdapat pada

bagian word (berwarna biru) dimana megic number
adalah 8 bit pertama.

5. What was the MD5sum of the file?

Untuk md5 kami kesulitan karna dalam pelatihannya sendiri tidak
dapat di temukan.
6. What is the secret recipe?
Jawaban :
Recipe for Disaster:
1 serving
Ingredients:
4 cups sugar
2 cups water
In a medium saucepan, bring the water to a boil. Add
sugar. Stir gently over low heat until sugar is fully
dissolved. Remove the saucepan from heat. Allow to
cool completely. Pour into gas tank. Repeat as
necessary.
Analisis : data di dapat dari source yang ada pada line 129.data di
flow seperti pada gambar di bawah.

Kemudian data tersebut di save dalam bentuk docx.

Dengan nama recipe.docx.

Steganografi
SteganPEG
Pilih enable file into JPEG image untuk memasukan file pada sebuah
fhoto.masukan password untuk melindungi file agar tidak dapat dibuk oleh
orang lain.pilih fhoto yang akan anda masukan file ke dalamnya. Kemudian
GO!

Muncul tampilan seperti di atas.untuk memasukan file ke dalam fhoto.klik

add file dan pilih file yang akan di masukan.

Apabila file sudah masuk maka klik save stegged image.dan selesai.
Catatan :
1. file harus dalam bentuk .txt
2. ukuran file tidak boleh lebih besar dari fhoto.