Publishing Journal • JURTEKSI (jurnal Teknologi dan Sistem Informasi)

FORENSIC ANALYSIS OF MITM ATTACK ON ‘AISYIYAH UNIVERSITY YOGYAKARTA NETWORK USING NIST METHOD

DOI: 10.35870/pioaj.6371 Year: 2026 Pages: 11-25 (Vol. 12, No. 3) Views: 4
Authors & Researchers
R
Ridwan, Virgiawan aqil Universitas Aisyiyah Yogyakarta1
F
Firdonsyah, Arizona Universitas Aisyiyah Yogyakarta2

Abstract

Abstract: Man-in-the-Middle (MITM) attacks are a threat that can occur on public wireless networks, including campus Wi-Fi environments. This study aims to analyze MITM attacks on the Wi-Fi network at Universitas ‘Aisyiyah Yogyakarta using the National Institute of Standards and Technology (NIST) digital forensics methodology. The study applied the four NIST phases: collection, examination, analysis, and reporting. The digital evidence analyzed included packet capture (PCAP) files, as well as digital traces such as browser history, cookies, and cache data obtained from the victim’s device. The analysis process utilized Wireshark, the SQLite Database Browser, and ChromeCacheView to identify suspicious activity and correlate the discovered digital traces. The results of the study show that the MITM attack was successfully reconstructed through the correlation of digital traces, leading to the identification of ARP spoofing and DNS spoofing originating from a device with the IP address 192.168.200.12 and the MAC address a0:47:d7:73:ef:fb. The correlation of digital traces in the victim’s network and system traffic revealed communication redirection and web access manipulation. This study concludes that the NIST method is capable of reconstructing MITM attacks and identifying digital evidence from activity traces on both the network and the system.             Keywords: ARP spoofing; digital forensics; DNS spoofing; MITM; NIST     Abstrak: Serangan Man-in-the-Middle (MITM) merupakan ancaman yang dapat terjadi pada jaringan nirkabel publik, termasuk lingkungan WiFi kampus. Penelitian ini bertujuan menganalisis serangan MITM pada jaringan WiFi Universitas ‘Aisyiyah Yogyakarta menggunakan metode forensik digital National Institute of Standards and Technology (NIST). Penelitian menerapkan empat tahapan NIST, yaitu collection, examination, analysis, dan reporting. Bukti digital yang dianalisis meliputi file packet capture (PCAP), jejak digital berupa history browser, cookies, dan cache yang diperoleh dari perangkat korban. Proses analisis menggunakan Wireshark, SQLite Database Browser, dan ChromeCacheView untuk mengidentifikasi aktivitas mencurigakan serta mengorelasikan jejak digital yang ditemukan. Hasil penelitian menunjukkan bahwa serangan MITM berhasil direkonstruksi melalui korelasi jejak digital yang mengarah pada identifikasi ARP spoofing dan DNS spoofing dari perangkat dengan alamat IP 192.168.200.12 dan MAC address a0:47:d7:73:ef:fb. Korelasi jejak digital pada lalu lintas jaringan dan sistem korban menunjukkan adanya pengalihan komunikasi serta manipulasi akses web. Penelitian ini menyimpulkan bahwa metode NIST mampu merekonstruksi serangan MITM dan mengidentifikasi bukti digital dari jejak aktivitas pada jaringan maupun sistem.   Kata kunci: ARP spoofing; DNS spoofing; forensik digital; MITM; NIST