1 Data Authentication in Network Forensic Using MD5 and CRC32 Method Irwan Sembiring irwanstaff.uksw.edu Faculty of Information Technology, Satya Wacana Christian University Jl Diponegoro 52-60 Salatiga Jazi Eko Istiyanto Jaziugm.ac.id Physics Department Faculty of Mathematics and Natural Sciences Gadjah Mada University Sekip Utara Bulaksumur, Yogyakarta 1. INTRODUCTION Evidently, we are now living in a digital epoch. Unlike the conventional media, images provide a vivid and natural communication media for human. One of them is CFAC Computer Forensics, Autopsy and Coroner or more often with computer forensic. Barry A. J. Fisher, 2003. Data authentication is very important, because of the high level of computer crime, particularly those related to counterfeiting of data, such as changing or deleting some of the contents of data. To be able to drag the perpetrators before the law, then the police should be able to prove it with the tools of evidence, and expertise required obtain digital evidence. Digital evidence is fragile evidence. Contamination of digital evidence is apt to occur, either accidentally or intentionally. Small errors in the handling of digital evidence can create digital exhibits changes. If the data changes it can be said is not the original data. The application is expected to assist the process of detecting the authenticity of the data. Detection process is referred to the authenticity here is to detect whether the data provided in accordance with the data obtained from the search.[2] One way that can be used to resolve the issue is the hash value of data that are considered problematic, so the data can be compared to the truth. Data are still easy to manipulate, but by using two hash at once to manipulate the data very difficult.

2. CYCLIC REDUNDANCY CHECK CRC

CRCs are specifically designed to protect against common types of errors on communication channels, where they can provide quick and reasonable assurance of the integrity of messages delivered. However, they are not suitable for protecting against intentional alteration of data. Firstly, as there is no authentication, an attacker can edit a message and recalculate the CRC herself, without the substitution being detected. Data authenticity detection system built using two methods at once. The method used is the method of MD5 and CRC32 method. This is intended to minimize the data error. If only one method, then the checksum value in common place or manipulate the data are still likely to occur, but by using two methods and the errors or to manipulate the data is very small. This causes the data that has to be more reliable if it has a value of MD5 and CRC32 values the same. Figure1. Computation of CRC 2 A cyclic redundancy check CRC is a non-secure hash function designed to detect accidental changes to raw computer data. Its computation resembles a long division operation in which the quotient is discarded and the remainder becomes the result, with the important distinction that the arithmetic used is the carry-less arithmetic of a finite field. The length of the remainder is always less than or equal to the length of the divisor, which therefore determines how long the result can be. Cyclic redundancy checks have favorable properties in that they are specifically suited for detecting burst errors. CRCs are easily implemented in hardware, and are commonly used in digital networks and storage devices such as hard disk drives. Even parity is a special case of a cyclic redundancy check, where the single-bit CRC is generated by the polynomial x+1. Cyclic Redundancy Check CRC is based on division in the ring of polynomials over the finite field GF2 the integers modulo 2, that is, the set of polynomials where each coefficient is either zero or one, and arithmetic operations wrap around due to the nature of binary arithmetic. Any string of bits can be interpreted as the coefficients of a message polynomial of this sort, and to find the CRC, we multiply the message polynomial by x n and then find the remainder when dividing by the degree-n generator polynomial. The coefficients of the remainder polynomial are the bits of the CRC. In general form[1]: ……..[1] Here Mx is the original message polynomial and Gx is the degree-n generator polynomial. The bits of are the original message with n zeroes added at the end. The CRC checksum is formed by the coefficients of the remainder polynomial Rx whose degree is strictly less than n. The quotient polynomial Qx is of no interest. In communication, the sender attaches the n bits of R after the original message bits of M, sending out ….[2] The receiver, knowing Gx and therefore n, separates M from R and repeats the calculation, verifying that the received and computed R are equal. If they are, then the receiver assumes the received message bits are correct. In practice CRC calculations resemble long division in binary, except that the subtractions involved do not borrow from more significant digits, and thus become exclusive or operations. A CRC is a checksum in a strict mathematical sense, as it can be expressed as the weighted modulo-2 sum of per-bit syndromes, but that word is generally reserved more specifically for sums computed using larger moduli, such as 10, 256, or 65535. CRCs can also be used as part of error-correcting codes, which allow not only the detection of transmission errors, but the reconstruction of the correct message. These codes are based on closely related mathematical principles.

3. NETWORK FORENSIC