Investigation of Botnet Attacks using Network Forensic Development Life Cycle Method

Muhammad Ridho Hidayat, Imam Riadi
2021 International Journal of Computer Applications  
Internet technology is currently developing rapidly, and the number of users is increasing with it. Based on the results of the Indonesian Polling study in collaboration with the Indonesian Internet Service Providers Association (APJII), out of a total population of 264 million Indonesians, there are 171.17 million people, or around 64.8%, who are already connected to the internet. Crime in cyberspace is also growing rapidly, such as botnets spreading on computer networks without ... ng who the users are and where they are located. These infected computers are called zombies and are controlled by botmasters. One of the motives highlighted was financial gain through a collection of computers that were forcibly taken over. The research uses the Network Forensic Development Life Cycle (NFDLC) method, which focuses on 5 stages: Initiation, Acquisition, Implementation, Operations, and Disposition. This study uses the Wazuh forensic tool, which focuses on monitoring attacks that enter the server: a Wazuh agent placed on the server monitors attacks that enter the computer server and reports them to the Wazuh manager, after which they are processed into visual attack data. The experimental results show that the Network Forensic Development Life Cycle (NFDLC) method can detect botnet attacks while simultaneously monitoring incoming attacks, with the results recorded in real time in the form of a table containing 25 types of attacks with attack levels from the lowest, level 3, to the highest, level 15. The highest number of attacks recorded reached 927, and the lowest was 1 attack.
doi:10.5120/ijca2021921632 fatcat:a2rtpbrkrbednpki5cpvajdyou