
Investigation of Botnet Attacks using Network Forensic Development Life Cycle Method

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2021
Muhammad Ridho Hidayat, Imam Riadi

Muhammad Ridho Hidayat and Imam Riadi. Investigation of Botnet Attacks using Network Forensic Development Life Cycle Method. International Journal of Computer Applications 183(25):30-36, September 2021.

BibTeX

	author = {Muhammad Ridho Hidayat and Imam Riadi},
	title = {Investigation of Botnet Attacks using Network Forensic Development Life Cycle Method},
	journal = {International Journal of Computer Applications},
	issue_date = {September 2021},
	volume = {183},
	number = {25},
	month = {Sep},
	year = {2021},
	issn = {0975-8887},
	pages = {30-36},
	numpages = {7},
	url = {},
	doi = {10.5120/ijca2021921632},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}


Internet technology is developing rapidly, and the number of users is growing with it. According to a study by Indonesian Polling in collaboration with the Indonesian Internet Service Providers Association (APJII), 171.17 million of Indonesia's 264 million people, or around 64.8%, are already connected to the internet. Crime in cyberspace is also growing rapidly, such as botnets spreading on computer networks without it being known who the users are and where they are located. The infected computers are called zombies and are controlled by botmasters. One of the motives highlighted is financial gain through a collection of computers that have been forcibly taken over. This research uses the Network Forensic Development Life Cycle (NFDLC) method, which focuses on 5 stages: Initiation, Acquisition, Implementation, Operations, and Disposition. The study uses the Wazuh forensic tool to monitor attacks that reach the server: a Wazuh agent placed on the server monitors incoming attacks and reports them to the Wazuh manager, where they are processed into visual attack data. The experimental results show that the NFDLC method can detect botnet attacks while simultaneously monitoring incoming attacks, with the results recorded in real time in a table containing 25 types of attacks whose attack levels range from the lowest, level 3, to the highest, level 15. The highest number of attacks recorded reached 927 attacks, and the lowest was 1 attack.
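The per-rule attack table the abstract describes can be rebuilt from a Wazuh manager's alert log. The following is an added example, not code from the paper: it assumes the manager's JSON-lines alert layout (`rule.id`, `rule.level`, `rule.description`, `agent.name`), and the sample alerts, rule ids and the helper names `_alert` and `summarize` are constructed for illustration.

```python
import json

# Constructed sample in the JSON-lines layout of a Wazuh manager's alerts.json.
# Rule ids, descriptions and agent names are illustrative, not the paper's data.
def _alert(rule_id, level, desc, agent="web-server"):
    return json.dumps({"agent": {"name": agent},
                       "rule": {"id": rule_id, "level": level, "description": desc}})

SAMPLE_ALERTS = [
    _alert("5501", 3, "PAM: Login session opened."),
    _alert("5710", 5, "sshd: Attempt to login using a non-existent user"),
    _alert("5710", 5, "sshd: Attempt to login using a non-existent user"),
    _alert("5710", 5, "sshd: Attempt to login using a non-existent user"),
    _alert("5712", 10, "sshd: brute force trying to get access to the system."),
    _alert("100001", 15, "Constructed custom rule: repeated flood pattern"),
    _alert("100001", 15, "Constructed custom rule: repeated flood pattern"),
    '{"agent": {"name": "web-server"}, "rule": {"id": "57',  # truncated write
    _alert("1002", 2, "Unknown problem somewhere in the system."),
]

def summarize(lines, min_level=3):
    """Group alerts by rule id; return (rows sorted by severity, skipped count)."""
    groups, skipped = {}, 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            alert = json.loads(line)
            rule = alert["rule"]
            rid, level = str(rule["id"]), int(rule["level"])
        except (ValueError, KeyError, TypeError):
            skipped += 1          # malformed or incomplete record: count it, keep going
            continue
        if level < min_level:     # below the lowest level the table reports
            continue
        row = groups.setdefault(rid, {"rule_id": rid, "level": level, "count": 0,
                                      "description": rule.get("description", ""),
                                      "agents": set()})
        row["count"] += 1
        row["agents"].add((alert.get("agent") or {}).get("name", "unknown"))
    rows = sorted(groups.values(),
                  key=lambda r: (-r["level"], -r["count"], r["rule_id"]))
    return rows, skipped

if __name__ == "__main__":
    rows, skipped = summarize(SAMPLE_ALERTS)
    for r in rows:
        print(f'{r["level"]:>2}  {r["count"]:>4}  {r["rule_id"]:<7} {r["description"]}')
    print(f"skipped malformed lines: {skipped}")
```

Counting malformed lines instead of discarding them silently keeps the tally auditable when the log is later used as evidence.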




Botnet, NFDLC, Server, Wazuh, Realtime