Implementation of the NIST Method in Digital Forensic Analysis After a Cyber Attack (Case Study: PT. Analis Digital Forensik)
DOI:
https://doi.org/10.14421/csecurity.2025.8.1.5092
Abstract
Cyberattacks are increasing and targeting various industrial sectors, including PT. Satseet International, which experienced an attack on its Human Resource Management System (HRMS) and web server between November 5 and 19, 2024. This case study was conducted as part of the Certified Independent Study and Internship Program (MSIB) at PT. Analis Forensik Digital. The methodology used follows the National Institute of Standards and Technology (NIST) framework to systematically identify, collect, analyze, and report digital evidence. The analysis results indicate that the attack was carried out by the BlackPython Team using Directory Traversal, Remote Code Execution (RCE), and Ransomware techniques. The impact of this attack includes the encryption of critical company data, the leakage of sensitive employee information, disruptions to HRMS operations, and potential reputational damage and legal consequences. Using the NIST method, the investigation successfully uncovered the attack patterns, identified the attacker's entry points, and provided security mitigation recommendations. Suggested measures include implementing stricter firewall policies, conducting security training for employees, establishing strong backup and recovery strategies, and strengthening data security policies. This research can help PT. Satseet International and other companies enhance their cybersecurity.
Keywords: Digital Forensics, Cyberattack, NIST, RCE, Ransomware
Copyright (c) 2025 Muhammad Rafi Ilmuna Ihsan, Apriade Voutama

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.