Forensic Analysis of Podman Container Towards Metasploit Backdoor Using Checkpointctl

  • Hafiidh Akbar Sya'bani Informatics Department, Universitas Dian Nuswantoro
  • Chaerul Umam Informatics Department, Universitas Dian Nuswantoro
  • L. Budi Handoko Informatics Department, Universitas Dian Nuswantoro
Keywords: Checkpoint, Container, Forensic Analysis, NIST, Podman

Abstract

Container systems are a virtualization technology that provides an isolated environment. That isolation, however, does not make cyber attacks on containers impossible. In this research, containers in which a cyber incident had occurred were forensically examined through the container's memory to obtain digital evidence. The forensic process follows the NIST framework, with collection, examination, analysis, and reporting stages. It begins by checkpointing the container to capture the information held in the container's memory: the checkpoint procedure in Podman is executed on one of the containers and produces a file in .tar.gz format containing the container's information. After the checkpoint process is complete, forensics is performed by reading the checkpoint file with the checkpointctl tool. The forensic results showed that the container was running a malicious program, a backdoor with a PHP extension.
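The collection and examination steps the abstract describes, as an added Python example that is not from the paper or from checkpointctl: it constructs a minimal Podman-style checkpoint archive in memory (the file names `config.dump`, `spec.dump` and `rootfs-diff.tar` follow the layout of a `podman container checkpoint --export` archive; all values are made up), then records the archive hash for chain of custody, the container identity and entrypoint, and every changed file with a PHP extension in the rootfs diff.

```python
import hashlib
import io
import json
import tarfile


def _add(tar, name, data):
    """Add an in-memory file to a tar archive."""
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def build_sample_checkpoint() -> bytes:
    """Constructed sample: a tiny checkpoint archive in the --export layout.
    The container, image and file names are made up for this example."""
    diff = io.BytesIO()
    with tarfile.open(fileobj=diff, mode="w") as t:
        _add(t, "var/www/html/index.php", b"<?php echo 'hello'; ?>")
        _add(t, "var/www/html/uploads/shell.php", b"<?php /* constructed sample */ ?>")
    outer = io.BytesIO()
    with tarfile.open(fileobj=outer, mode="w:gz") as t:
        cfg = {"id": "deadbeef", "name": "web", "rootfsImageName": "php:apache"}
        _add(t, "config.dump", json.dumps(cfg).encode())
        spec = {"process": {"args": ["apache2-foreground"]}}
        _add(t, "spec.dump", json.dumps(spec).encode())
        _add(t, "rootfs-diff.tar", diff.getvalue())
    return outer.getvalue()


def examine_checkpoint(archive: bytes) -> dict:
    """Examination stage: hash the evidence, read container identity and
    entrypoint, and list changed files with a .php extension."""
    report = {"sha256": hashlib.sha256(archive).hexdigest(), "php_files": []}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as t:
        cfg = json.load(t.extractfile("config.dump"))
        report["container"] = {k: cfg.get(k) for k in ("id", "name", "rootfsImageName")}
        spec = json.load(t.extractfile("spec.dump"))
        report["entrypoint"] = spec["process"]["args"]
        # rootfs-diff.tar holds files changed relative to the image layers
        with tarfile.open(fileobj=t.extractfile("rootfs-diff.tar"), mode="r:") as d:
            report["php_files"] = sorted(
                m.name for m in d.getmembers() if m.isfile() and m.name.endswith(".php")
            )
    return report


if __name__ == "__main__":
    print(json.dumps(examine_checkpoint(build_sample_checkpoint()), indent=2))
```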


Published
2024-02-09
How to Cite
Akbar Sya’bani, H., Umam, C., & Handoko, L. B. (2024). Forensic Analysis of Podman Container Towards Metasploit Backdoor Using Checkpointctl. Inform : Jurnal Ilmiah Bidang Teknologi Informasi Dan Komunikasi, 9(1), 81-88. https://doi.org/10.25139/inform.v9i1.7498