Analisis forensik jaringan serangan ARP Spoofing menggunakan metode National Institute of Justice (NIJ)

This study aims to identify evidence of Address Resolution Protocol (ARP) Spoofing attacks in the form of the attacker's and victim's Media Access Control (MAC) addresses, as well as the time of the attack. With the increasing use of computer networks, ARP Spoofing attacks have become a serious threat that can lead to data theft, communication interception, and service disruption. ARP Spoofing can serve as a means to launch more complex attacks, such as Denial of Service (DoS) and Man in the Middle (MITM), which can cripple network systems and steal sensitive information. This study utilizes the Wireshark tool to monitor network traffic, specifically ARP, and applies the National Institute of Justice (NIJ) method as a framework for forensic investigation. The NIJ method was chosen because it provides a systematic approach to identifying, collecting, analyzing, and reporting digital evidence, enabling enhanced attack mitigation and supporting legal aspects in network security investigations. The specific approaches used in this forensic analysis include log analysis, packet capture and analysis using Wireshark, and traffic correlation to identify attack patterns based on time and involved devices. The attack simulation was conducted on Personal Computer (PC) 1 and a routerboard, where communication between these two devices was redirected through the attacker. Based on the test results, it was found that every device in the network experienced ARP Spoofing attacks, which could be detected and analyzed using the NIJ method. The contribution of this study is to provide a more systematic approach to forensic network investigations using the NIJ method, which not only aids in attack detection but also establishes a strong foundation for mitigation actions and legal enforcement in computer network security.