Analysis of Scalpel as a File Carving Tool for Linux Docker Forensics Based on NIST SP 800-86
Keywords:
Docker; File Carving; Digital Forensics; NIST SP 800-86; Scalpel
Abstract
Docker containers are widely used in cloud environments. Digital forensic investigation of containers requires file carving techniques to recover data. This study analyses the file carving tool Scalpel for investigating Linux Docker containers. Testing was carried out with a container-deletion scenario and realistic digital test files, following NIST SP 800-86. The parameters measured were recovery rate, processing time and resource usage. The results show that Scalpel recovered on average 89% of the test files from Linux Docker containers, with the highest processing speed among the tools compared, although its resource consumption was higher. Scalpel proved effective and is recommended for forensic investigation of Linux Docker containers.
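One way to compute the recovery-rate metric the abstract reports, as an added example that is not code from the paper: the known test-file set is matched by content against everything Scalpel wrote under its output directory, and each test file is classified as exact, partial or missing. The directory paths, the small constructed test set and the fake Scalpel output tree are assumptions for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def recovery_report(originals_dir: Path, carved_dir: Path) -> dict:
    """Match Scalpel's carved output against the known test-file set.

    Scalpel writes carved files into per-pattern subdirectories of its output
    directory (e.g. jpg-0-0/) plus an audit.txt log, so the tree is walked
    recursively and matched on content, not on file names. A test file is
    'exact' when a carved file has the same SHA-256, 'partial' when a carved
    file starts with the original bytes but carries trailing data (typical
    for a footer-less pattern carved up to its maximum size), else 'missing'.
    Files are read fully into memory: fine for a test set, not for disk images.
    """
    carved = [p.read_bytes() for p in sorted(carved_dir.rglob("*"))
              if p.is_file() and p.name != "audit.txt"]
    carved_hashes = {hashlib.sha256(b).hexdigest() for b in carved}
    report = {"exact": [], "partial": [], "missing": []}
    for orig in sorted(p for p in originals_dir.iterdir() if p.is_file()):
        data = orig.read_bytes()
        if hashlib.sha256(data).hexdigest() in carved_hashes:
            report["exact"].append(orig.name)
        elif any(c.startswith(data) for c in carved):
            report["partial"].append(orig.name)
        else:
            report["missing"].append(orig.name)
    total = sum(len(v) for v in report.values())
    # Recovery rate counts only byte-exact recoveries, the strict reading of the metric.
    report["recovery_rate"] = round(100.0 * len(report["exact"]) / total, 1) if total else 0.0
    return report

def demo() -> dict:
    """Constructed sample: four 'test files' and a hand-built Scalpel-style output tree."""
    root = Path(tempfile.mkdtemp())
    orig, out = root / "testfiles", root / "scalpel-output"
    orig.mkdir(); out.mkdir()
    files = {"a.jpg": b"\xff\xd8\xff\xe0" + b"A" * 100 + b"\xff\xd9",
             "b.pdf": b"%PDF-1.4\n" + b"B" * 100 + b"\n%%EOF",
             "c.png": b"\x89PNG\r\n\x1a\n" + b"C" * 100 + b"IEND\xaeB`\x82",
             "d.txt": b"notes " * 20}          # no carving pattern: expected missing
    for name, data in files.items():
        (orig / name).write_bytes(data)
    (out / "audit.txt").write_text("constructed audit log, ignored by the matcher\n")
    (out / "jpg-0-0").mkdir(); (out / "jpg-0-0" / "00000000.jpg").write_bytes(files["a.jpg"])
    (out / "pdf-1-0").mkdir(); (out / "pdf-1-0" / "00000001.pdf").write_bytes(files["b.pdf"])
    (out / "png-2-0").mkdir()
    (out / "png-2-0" / "00000002.png").write_bytes(files["c.png"] + b"\x00" * 64)  # over-carved
    return recovery_report(orig, out)
```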