Analisis Bukti Digital Pada Random Access Memory Android Menggunakan Metode Llive Forensic Kasus Penculikan Anak

Abstract

Abstrak

Live forensic merupakan analisis data yang sedang berjalan secara langsung pada Random Access Memory. Random Access Memory merupakan tempat penyimpanan sementara, data yang tersimpan tersebut bersifat volatile atau mudah hilang. Tujuan dari penelitian yaitu mendapatkan hasil bukti digital melalui konsep analisis bukti digital random access memory pada smartphone android dalam kasus penculikan anak menggunakan metode live forensic. Pada penelitian barang bukti elektronik yang disita berupa smartphone android pelaku dan smartphone korban. Korban berperan sebagai orang tua anak yang diculik. Sumber data pada penelitian berasal dari simulasi dan skenario, penelitian menggunakan smartphone android asus zenfone 2 versi android lollipop 5.0 dan smartphone samsung galaxy J5 versi android lollipop 5.1.1. Analisis data dilakukan menggunakan metode NIST (National Institute of Standart Technology) yang memiliki beberapa langkah-langkah analisis yaitu preservation, acquisition, examination, analysis dan reporting. Data yang diambil dari objek random access memory smartphone android berupa log file telephone, data SMS, dan data WhatsApp menggunakan mem tools. Pencarian bukti-bukti kejahatan penculikan anak menggunakan FTK (Forensic Tool Kit). Hasil yang diperoleh berupa bukti-bukti kejahatan yang telah dihapus oleh pelaku, antara lain bukti log file telephone, bukti chat SMS, bukti chat WhatsApp dan file gambar yang berekstensi .jpg. Berdasarkan penelitian yang telah dilakukan penggunaan mem tools mampu mendapatkan data dari random access memory secara menyeluruh sehingga dapat menemukan bukti-bukti kejahatan yang dilakukan oleh pelaku.

 

Kata kunci: live forensic, random access memory, digital forensik, forensic RAM.

 

Abstract

Live forensic is live data analysis on Random Access Memory. Random Access Memory is temporary storage whose data are volatile or easy to lose. This research aimed to obtain digital evidence using the evidence analysis concept of random access memory on an android smartphone in the case of kidnapping through live forensic. The electronic confiscated evidence was the victim's smartphone and the kidnapper's smartphone. The victim acted as the parents of the kidnapped kid. The data sources of this research were taken from simulation and scenario. This research used Asus Zenfone 2 with lollipop 5.0 android version and Samsung Galaxy J5 with lollipop 5.1.1 android version. The data were analyzed using the NIST (National Institute of Standart Technology) method that has some analysis steps such as preservation, acquisition, examination, analysis, and reporting. The data that was taken from RAM objects were log file telephone, text messages data, and Whatsapp data using mem tools, while FTK (Forensic Tool Kit) was used in the searching of kidnapping evidence. The results showed the crime evidence that had been deleted by the kidnapper such as the evidence of log file telephone, text messages, Whatsapp chats, and .jpg. image files. Based on this research, mem tools have been proven to be able to obtain the data from Random Access Memory (RAM) entirely so the crime evidence can be found.