Memory Forensics Analysis of Hyper-V-Based Windows Subsystem for Linux 2 (WSL2) on Windows 11 Based on NIST 800-86

Authors

  • Bagas Kurnadi PoltekSSN
  • Fachrul Ali Nurfadillah PoltekSSN
  • Muhammad Tegar Sabila PoltekSSN

DOI:

https://doi.org/10.54066/jpsi.v2i1.1594

Keywords:

digital forensics, virtual machine, linux, windows, wsl

Abstract

In the context of the growing blend of Windows and Linux operating systems through Windows Subsystem for Linux (WSL), this study explores memory forensic analysis of the Hyper-V-based Windows Subsystem for Linux 2 (WSL2) in a Windows 11 environment using the NIST SP 800-86 method. WSL2, as the latest development of WSL, provides new opportunities in security and digital forensics, but also raises challenges related to security incidents. The study builds on the findings of previous research, focusing on memory forensics, which had not previously been applied to WSL2 on Windows 11. Ubuntu 20.04 was chosen as the object of research, and the NIST SP 800-86 standard was implemented. In scenario 1, where WSL2 was not deleted, all experimental artifacts were found (100%), while in scenario 2, where WSL2 was deleted, only 2 experimental artifacts were found (16.7%). This research aims to provide in-depth insights into forensic analysis of WSL2, to give digital forensics experts practical guidance for addressing security challenges that continue to evolve with technology, and to complement our understanding of security incidents involving a mix of Windows and Linux operating systems in the WSL2 era.

Published

2024-02-02

How to Cite

Bagas Kurnadi, Fachrul Ali Nurfadillah, & Muhammad Tegar Sabila. (2024). Analisis Memory Forensics Windows Subsystem for Linux 2 (WSL2) Berbasis Hyper-V pada Windows 11 Berdasarkan Nist 800-86. JURNAL PENELITIAN SISTEM INFORMASI (JPSI), 2(1), 178–188. https://doi.org/10.54066/jpsi.v2i1.1594