Network forensics is an important aspect to identify eavesdropping or intrusion on a network. Wiretapping by the attacker can trigger an even bigger attack. Therefore, a network forensics method is needed to collect network traffic records to look for evidence in the event of an attack. In this study, a forensic investigation was conducted to identify an ARPattack poisoning using themethod Live Forensic, the attack trial was carried out when the client accesses the server using the SSL and FTP protocols, when access has been made by the client

 the attacker can interceptdata. client By utilizing the ARP protocol through the tools Ettercap, this eavesdropping activity can disrupt network security aspects, especially in terms of confidentiality (data confidentiality) and integrity (data authenticity). This process requires tools to be able to search for the attackers quickly, for it was in this research using the tools XArp that can provide alerts and to detect the identity of perpetrators of the attack and the identity of the victim in real time.

“Asosiasi Penyelenggara Jasa Internet Indonesia.” https://www.apjii.or.id.

G. Kamajaya, I. Riadi, and Y. Prayudi, “Analisa Investigasi Static Forensics Serangan Man in the Middle Berbasis Arp Poisoning,” JIKO (Jurnal Inform. dan Komputer), vol. 3, no. 1, pp. 6–12, 2020, doi: 10.33387/jiko.v3i1.1692.

F. Ridho, A. Yudhana, and I. Riadi, “Analisis Forensik Router Untuk Mendeteksi Serangan Distributed Danial of Service (DDoS) Secara Real Time,” vol. 2, no. 1, pp. 111– 116, 2016, [Online]. Available: http://ars.ilkom.unsri.ac.id.

M. N. Hafizh, I. Riadi, and A. Fadlil, “Forensik Jaringan Terhadap Serangan ARP Spoofing menggunakan Metode Live Forensic,” J. Telekomun. dan Komput., vol. 10, no. 2, p. 111, 2020, doi: 10.22441/incomtech.v10i2.8757.