Identification of Virtual Router Network Forensic Evidence Using the NIST Method
Author(s) - Firmansyah Yasin, Abdul Fadlil, Rusydi Umar
Publication year - 2021
Publication title - Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi)
Language(s) - English
Resource type - Journals
ISSN - 2580-0760
DOI - 10.29207/resti.v5i1.2784
Subject(s) - router , virtualization , nist , computer science , digital forensics , operating system , troubleshooting , virtual machine , embedded system , computer network , cloud computing , natural language processing
The evolution of information technology has led to the growth of virtualization technology. RouterOS, the operating system of the MikroTik router, supports virtualization. An easy-to-run RouterOS virtualization technique is MetaRouter. MetaRouter provides benefits such as building virtual servers, virtual machines and network topologies, as well as cost savings. As an object of research, MetaRouter introduces challenges to digital forensic investigations for both practitioners and academics. Investigators need to use a methodology and tools in order to prove who the perpetrators of crimes are. This study uses the WinDump forensic tool to record network traffic activity, and NetworkMiner and Wireshark as analytical tools for identifying digital evidence. With the National Institute of Standards and Technology (NIST) method, which consists of collection, examination, analysis and reporting, the process can be repeated and maintained with the same data. Based on experiments with virtual router network traffic testing, the system built succeeded in obtaining digital evidence, either directly or indirectly. The planned system scenario succeeded in recording 220494 packets, which WinDump automatically divided into 9 (nine) parts, Buktidigital0 to Buktidigital8. The inspection stage produces evidence that has been verified by Wireshark and NetworkMiner. The analysis stage proves that there were attacks carried out by addresses 192.168.10.10 and 192.168.234.10. Based on the results of forensic testing, the use of the NIST method on a forensic system that has been built with a virtual router object can be used by investigators to identify evidence of cyber-attacks.
