Discussion and General Lecture on Digital Forensics with Ruby Alamsyah
Bandung – SOC, Monday (09/15/2014). That morning, students and lecturers flocked to the Multimedia Room, 2nd Floor, Learning Center Building, Telkom University Campus. They came to attend a workshop featuring a Digital Forensic Analyst, a role also commonly called an IT Security Consultant: Ruby Zukri Alamsyah, ST., MTI.
His presence that morning was a delight for the academic community of the School of Computing, Telkom University. And why not? Ruby often appears on television talking about cases involving artists and top officials, serves as an expert witness at trial, and in one case was reported to the police for allegedly teaching how to commit crimes in public media. Yes, that's Ruby Alamsyah.
Ruby Alamsyah is a graduate of Gunadarma University who went on to pursue a Master of Information Technology at the University of Indonesia. His decision to enter the world of digital forensics did not come suddenly, but through a long process of weighing many things. It started with his hobby of playing computer games, which encouraged him to make his own games and then to pursue applications, computer systems and computer networks. Finally, he was challenged to explore information technology security.
Forensics is known as the field that helps enforce justice through the application of science. It has many branches, such as forensic chemistry, forensic physics, forensic medicine, and computer forensics. Computer forensics, also known as digital forensics, is the process of investigating computer devices and systems to find out whether they were used for illegal, unauthorized or unusual purposes.
Why digital forensics, and what is it for? Digital forensics is used to uncover a case, to obtain evidence, and also for the audit process in an institution or company. Computer forensics consists of several aspects and stages, namely:
- Identify Evidence = this stage is the process of finding evidence. Digital evidence can be obtained from disk records and memory records, both volatile and non-volatile. This stage is usually complicated and takes a long time because it is where information is gathered and data is collected.
- Preserve Evidence = this stage is the process by which the evidence obtained is managed and maintained so that it is not damaged, contaminated, or lost. This needs to be done because the evidence still has to be analyzed.
- Analyze Evidence = the next step is to analyze the evidence obtained.
- Present Results = finally, after the evidence has been analyzed, the results are obtained and presented so that the suspect can be proven guilty or not.
So what kind of data must be collected? That depends on the case and the form of the investigation. Generally, what is sought is the system time, logged-in users, accessed data, network status, clipboard, services, history, and drives/folders/files. -LEN
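The Preserve Evidence stage above can be illustrated with a small integrity manifest. This is an added example, not material from the lecture: each collected file is hashed with SHA-256 at acquisition time, and the manifest is checked again before analysis so that damaged, lost or added items are detected. The file name `netstat.txt`, the examiner name `analyst-01` and the sample content are constructed for illustration.

```python
import getpass
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large disk or memory images do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def list_files(evidence_dir):
    """Relative paths of every file under evidence_dir, in a stable order."""
    return sorted(os.path.relpath(os.path.join(root, name), evidence_dir)
                  for root, _dirs, files in os.walk(evidence_dir) for name in files)

def build_manifest(evidence_dir, examiner=None):
    """Record acquisition time, examiner and a SHA-256 for each collected item."""
    return {
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner or getpass.getuser(),
        "items": {rel: sha256_file(os.path.join(evidence_dir, rel))
                  for rel in list_files(evidence_dir)},
    }

def verify_manifest(evidence_dir, manifest):
    """Return {path: status} for items that are missing, modified or unexpected."""
    problems = {}
    present = set(list_files(evidence_dir))
    for rel, digest in manifest["items"].items():
        if rel not in present:
            problems[rel] = "missing"
        elif sha256_file(os.path.join(evidence_dir, rel)) != digest:
            problems[rel] = "modified"
    for rel in present - set(manifest["items"]):
        problems[rel] = "unexpected"
    return problems

if __name__ == "__main__":
    # Constructed sample evidence, not real case data.
    with tempfile.TemporaryDirectory() as case:
        with open(os.path.join(case, "netstat.txt"), "w") as f:
            f.write("tcp 0 0 192.0.2.10:22 ESTABLISHED\n")
        manifest = build_manifest(case, examiner="analyst-01")
        with open(os.path.join(case, "netstat.txt"), "a") as f:
            f.write("edited after acquisition\n")
        print(verify_manifest(case, manifest))
```

The manifest should be stored apart from the evidence it describes, so that a change to the evidence cannot also rewrite the recorded hashes.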
The photo gallery of the activity can be seen at: https://soc.telkomuniversity.ac.id/gallery/galeri-diskusi-dan-kuliah-umum-digital-forensik-bersama-ruby-alamsyah/