Jurnal Cakrawala

: Forensic science standards, no crime never leaves traces. Along with the emergence of cybercrime, a new type of evidence emerged as an expansion of conventional evidence in Indonesian criminal procedural law, namely electronic evidence as stated in the Law on Electronic Information or electronic documents whose authenticity can be guaranteed, but there is no further explanation. Further, what is the procedure for guaranteeing its authenticity? Based on this, not all electronic information or documents can be used as evidence. One branch of forensic science that is relevant to proving cybercrimes is computer forensics. The problem that arises is to what extent is the significance of computer forensics to guarantee electronic information or electronic documents as evidence. This article was based on legal research using a conceptual, statutory, and case approach. The result of this study is that computer forensics plays a significant role in the crime of illegal access to electronic devices because it is a tool in criminal procedural law that can be used to guarantee the authenticity of electronic information or electronic documents so that they can be accepted as evidence in court.


Introduction
Proof in criminal procedural law is different from proof in civil procedural law. In criminal procedural law, proving is material, which means actual proof to obtain a legal event in a crime. The Criminal Procedure Code (KUHAP) adopts a negative law-based evidence system in Article 183 of the Criminal Procedure Code. Article 184 of the Criminal Procedure Code contains various types of evidence. 1 Outside what the Criminal Procedure Code determines, it is not considered valid as evidence unless regulated in specific laws (lex specialis). Based on Article 184 of the Criminal Procedure Code, valid evidence in criminal procedural law includes witness statements, expert statements, letters, instructions, and statements of the accused.
In connection with the development of technology and information, especially the internet (cyber). Legal issues often encountered are related to the delivery of information, communication, or transactions electronically, especially regarding evidence and matters related to legal actions carried out through the electronic system with criminal acts. The consequence of the existence of the internet world with the emergence of cybercrimes is to bring up new evidence, called electronic evidence. 2 Several European countries have added electronic evidence to compensate for types of crime due to technological developments. For example, in England, electronic evidence is recognized as evidence under Section 5 of the Police and Criminal Evidence Act 1984. 3 Law no. 11 of 2008 concerning Information and Electronic Transactions (UU ITE) jo. Law No. 19 of 2016 concerning Amendments to Law No. 11 of 2008 concerning Information and Electronic Transactions (in the future referred to as the ITE Law) recognizes the position of electronic evidence as stated in Articles 5 and 6 of the ITE Law.
Based on Articles 5 and 6 of the ITE Law, electronic information or electronic documents and printouts are valid before the law if their authenticity can be accounted for. In the provisions of the Amendment to the ITE Law, as a consequence of the Constitutional Court's decision, amendments and reformulations of the provisions on electronic evidence are made as long as the investigator has preserved the electronic evidence. Based on the extension of electronic evidence to conventional evidence, the nature of electronic evidence is the conformity of a series of evidence from witnesses, experts, and letters that a crime has occurred.
The main problem is that there must be procedures for authenticating electronic information or documents in the ITE Law and the Amendment to the ITE Law. In addition, a procedure or standard procedure that applies nationally regarding this matter has yet to be promulgated. The most recent rationalization, along with the development of technology and information for the authentication of electronic evidence, is forensic computer science. Suppose it needs to be scientifically determined clearly regarding standard procedures in the national realm. In that case, it can result in legal uncertainty so that the goal of seeking the truth will not be achieved. Based on this, the problem formulation is the significant role of computer forensics in maintaining and guaranteeing the integrity of electronic evidence in criminal acts of illegal access to websites.

Method
Legal research is a process of finding legal rules, principles, and doctrines to answer the legal issues at hand. 4 In legal research, an approach method is needed as a reference. With this approach, researchers will get information from various aspects regarding the issue being tried to find an answer. The primary approach in this study used conceptual, statutory, and case approaches.

Computer Forensics and Electronic Evidence
Electronic information and/or electronic documents (or so-called electronic data) are easily altered and falsified. 5 As a result of the nature of such electronic evidence, electronic evidence cannot be immediately submitted to court as evidence. To anticipate this, the integrity of electronic data must be maintained. Based on the rules for maintaining the integrity of electronic data in the international world called Request for Comment No. 3227, electronic information has several criteria to be appropriate as evidence in court. These stages are: 1. Accepted: This must be under applicable legal provisions before going to court; 2. Authentic: This must be binding on the correct evidence for an incident; 3. Complete: This should describe the complete chronology, not of a specific event; 4. Reliable: There must be an explanation of how evidence was collected and handled to remove doubts about its authenticity and correctness; 5. Trusted: Must be easily trusted and understood by the assembly in court.
Based on these criteria, not all electronic information can be accepted as evidence. To maintain the criteria for electronic information, a standard procedure is required that is used by all levels of law enforcement officials, from the central government to the regions. This standard procedure is only owned by computer forensics. In other words, computer forensics determines electronic information and documents as court evidence. Disciplines related to physical evidence or objective evidence are forensic science. According to Eddy O.S. Hiariej, forensic science is a scientific discipline that uses basic science principles and techniques to analyze evidence to retrieve information to solve legal problems. Specifically for electronic evidence, the forensic science discipline used is computer forensics. 6 Computer forensics is collecting and analyzing data from various digital resources, including digital systems, networks, communication lines (including physical and wireless), and storage media that are said to be suitable for submission in court hearings. 7 Another definition of computer forensics is computer investigation and analysis to determine potential legal evidence. 8 Computer forensics is also known as digital forensics. 9 Through computer forensics, investigators trace evidence of a crime by tracing back lost, hidden, and deleted computer files. 10 The nature of electronic evidence itself is easy to falsify and change. 11 So, checking electronic evidence requires adequate competence. Apart from computer forensics, it is also known as network forensics, a scientific discipline that searches for crime-related data in a computer network environment. 12 The term for people who reveal digital evidence of crimes and help perpetrators to court is forensic computer experts or forensic computer technicians. Based on the results of forensic computer analysis, judges, public prosecutors, experts, and advocates are expected to know about information technology to conclude the relationship between a crime and the basis of electronic evidence. 13 This is because forensic computer experts will more or less speak technical information technology. Thus, legal science, forensic computer science, forensic computer experts, and electronic information or documents analysis cannot be separated. Computer forensics can only work with law enforcement officials who can use these procedures. Law enforcers eligible to become computer forensic analysts are those who at least understand computer forensic procedures obtained from formal or informal education. Due to the nature of computer forensics as an information technology discipline, an understanding of basic information technology is necessary. Cybercrime is a crime using information technology media, so when a cybercrime occurs, a forensic computer analyst is ideally presented to conduct an investigation, considering that the human resources of Indonesian law enforcement officers are still low to conduct investigations and investigations into cybercrime.
Standard procedures play a critical role in computer forensics. Currently, law enforcement officers who have standard computer forensic procedures are the Indonesian National Police (Polri) and individual computer forensic experts, respectively. This standard procedure is binding on the institution because there is no government regulation or at least a generally binding "written rule" regarding this matter. An example of the standard procedure classification of the National Police is as follows: SOP 1 concerning Digital Forensic Examination Procedures; SOP 2 regarding Working Hours Commitment; SOP 3 concerning Reporting of Digital Forensic Examination Results; SOP 4 regarding Acceptance of Electronic Evidence; SOP 5 regarding Submission of Electronic Evidence; SOP 6 regarding Forensic Triage; SOP 7 regarding Direct Acquisition of Computers; SOP 8 Acquisition of hard drives, flash drives and memory cards; SOP 9 regarding Harddisk, Flashdisk and Memory Card Analysis; SOP 10 regarding Mobile and Simcard Acquisition; SOP 11 regarding Mobile and Simcard Analysis; SOP 12 concerning Audio Forensic Analysis. 14 Computer forensic experts with certification in computer forensics have their procedures.
The following examples of standard computer forensic procedures are procedures created by Eoghan Casey: Preparation, Survey, Documentation, Preservation, Examination and analysis, Reconstruction, and Reporting results. 15 The stages in the standard procedure are intended so that the integrity of evidence in electronic devices is guaranteed from confiscation and analysis to presentation in court. The standard procedures of the National Police and forensic computer analyst Eoghan Casey can be simplified into three processes: acquisition, analysis, and preparation of reports to be presented in court. The acquisition phase includes confiscating evidence by law enforcement officers from where the crime occurred until analysis is carried out in a forensic computer laboratory. The next stage is to perform a forensic computer analysis. The analysis phase can be carried out using software in the form of paid or free computer forensic programs. The final stage is the presentation stage. Before the presentation stage, it is necessary to make an analysis and report on the electronic information contained in the device related to crime; after completion, the written report can be used as evidence in court, and the statement of a forensic computer analyst can be used as evidence for expert testimony.
Electronic evidence forms the judge's conviction; if there is no documentary evidence from the forensic computer analyst and the analyst's statement, the judge must understand electronic information in electronic data. Knowledge of information technology is required to understand it, so it is hazardous if the judge has a conviction without the support of a forensic computer analysis report and expert testimony, even though both are optional. This is a logical consequence, considering that computer forensic material is likely not given in lectures at law faculties. Based on this, computer forensics is essential in determining the authenticity of electronic information or documents appropriate for evidence in criminal acts related to electronic information and transactions.
Evidence is crucial in formal criminal law enforcement because evidence forms the judge's conviction in deciding cases to uphold justice. According to Article 184, paragraph (1) of the Criminal Procedure Code, legal evidence is witness statements, expert statements, letters, instructions, and statements of the accused. The evidence becomes valid when submitted in the judicial process in court. According to Eddy O.S. Hiariej, the development of evidentiary law is very influential for the cases being handled and the evidence owned, including technological developments. 16 The consequence is that when there is a crime using or through technological means such as the internet, new evidence emerges, referred to as digital evidence. Regarding electronic evidence as evidence in the judicial system in Indonesia, according to the Criminal Procedure Code, it is not included in the evidence received in court.
Electronic evidence is developing in common law countries, and its arrangements do not form new evidence but expand the scope of evidence included in the documentary evidence category, namely letters and instructions. In Indonesia, the recognition and use of electronic evidence has occurred in the murder case of a human rights activist, Munir. Even though it is not regulated in the Criminal Procedure Code, the panel of judges made a breakthrough by acknowledging the existence of electronic evidence as valid evidence. However, this breakthrough did not reach the jurisdiction of the Supreme Court. Instead, the consideration of the panel of judges in the case was annulled. The considerations of the South Jakarta District Court in the decision are as follows: Considering that although the laws and regulations on general criminal acts or the Criminal Code and the procedural law (KUHAP) have not yet regulated the results of science and technology from electronic products, computer and digital as well as other new science and technology products that have not yet had a place, the assembly thinks that it must already be accepted as evidence. Because if it is not accepted, this will become an obstacle in proving a crime that can harm the process, interests, and law enforcement in Indonesia. Because of this, the assembly believes that the cloning of a computer product, as evidenced by letter No. R-451/VII/2004, undated July 2004, is confidential regarding the recommendation of the personnel of the internal security team (aviation security) submitted by the prosecutor and can be accepted at this trial as evidence in addition to the evidence as stipulated in Article 184 of the Criminal Procedure Code. 17 Based on the considerations of the panel of judges, electronic evidence in the form of duplicated computer hard drives can be accepted as valid evidence in addition to those specified in a limited manner in Article 184 of the Criminal Procedure Code. Electronic evidence is any data that is stored or transmitted using a computer. 18  cookies. 19 Alan M. Gathan argues that the existence of electronic evidence as evidence is urgently needed at this time because all public actions cannot be separated from computers, so electronic evidence needs to be recognized. 20 Some literature calls electronic evidence the terms electronic evidence and digital evidence. Indeed, some argue that electronic evidence and digital evidence are something different. According to Muhammad Nuh Al Azhar, electronic evidence is electronic evidence in which digital evidence is stored. 21 In other words, electronic evidence is hardware or electronic media, while digital evidence is information and/or documents stored in the electronic hardware. 22 This classification between electronic and digital evidence creates confusion because, in Indonesia, there is no classification of evidence based on positive law. In short, evidence can be interpreted as goods related to a crime. This definition is not found in the Criminal Procedure Code but can be found in the practice and doctrine of legal scholars.
The dichotomy between the words "electronic" and "digital" also creates confusion because the equivalent word in Indonesian and the prevalence of legal practice for the two words is electronic. In addition, Muhammad Nuh Al Azhar did not distinguish between the definitions of "electronic evidence" and "digital evidence" as evidence, so when he translated the two common words in cybercrime into Indonesian, it biased the understanding of electronic evidence itself.
Based on this, it can be a term common in Indonesian positive law, namely electronic evidence as a translation of digital evidence with the meaning of electronic information or electronic documents stored in computer devices or electronic system devices to form judge beliefs in deciding cases. Law of the Republic of Indonesia No. 11 of 2008 concerning Information and Electronic Transactions (UU ITE) provides space for the existence of electronic evidence, namely Articles 5 and 6 of the ITE Law, electronic information or electronic documents and printouts are legal in the eyes of the law if their authenticity can be accounted for. Article 5, paragraph 2 of the ITE Law needs to be clarified because it only explains that electronic evidence is an extension of legal evidence in Indonesian procedural law. This gives rise to various interpretations because the ITE Law does not explain the evidence in the Criminal Procedure Code, which has undergone an expansion; another consequence is that electronic evidence cannot stand alone because it is only an extension of the evidence already in the Criminal Procedure Code.
Based on Article 5, paragraph 1, if electronic evidence is printed, it is valid in the eyes of the law. The printout of this electronic evidence can be equated with documentary evidence. 23 In this case, Eddy O.S. Hiariej argues that as a consequence of electronic evidence, such as, for example, video, is objective evidence or physical evidence, this evidence must be strengthened by other evidence, including testimony. 24 Based on this opinion, electronic evidence can be an extension of evidence as long as it is supported by other evidence as contained in the Criminal Procedure Code. One that strengthens physical evidence or objective evidence as evidence is the existence of expert testimony that sheds light on legal events. 25 This means that electronic evidence can be acknowledged for its existence in court when expert testimony explains electronic information or documents. Based on the possibility of extending electronic evidence to conventional evidence, the nature of electronic evidence is the conformity of a series of evidence from witnesses, experts, and letters that a crime has occurred. Based on this, electronic evidence can be categorized as guided evidence. 26 Clue means an act, event, or circumstance which, because of its conformity, indicates that a crime has occurred and the culprit. The use of computer forensics can be known, at least in cases related to criminal acts of illegal access to websites. To compare the use of computer forensics in the favorable law regime in Indonesia, this article uses two cases that have become national issues, namely cases before and after the enactment of the ITE Law. A case comparison is intended to determine how law enforcement officials guarantee integrity and secure electronic evidence in different favorable law regimes.

Use of Computer Forensics in Cases of Illegal Access Crimes Before and After the Promulgation of the ITE Law
Cases of illegal access to websites before the promulgation of the ITE Law were illegal access to the website and servers of the General Election Commission (KPU) conducted by Dani Firmansyah alias Xnuxer in 2004, and cases after the promulgation of the ITE Law were cases of illegal access to the Polri website by Andi Kurniawan alias Fandiekun in 2011. The selection of the two cases took into account that both cases were illegal access cases which received public attention because they involved state institutions. The perpetrators are people with more knowledge in the field of information security. This is under the nature of illegal access as a new type of crime that existed after the internet was discovered and can only be carried out by people with more knowledge in the field of information technology.
In the case of Dani Firmansyah, evidence of a crime in the form of electronic information was examined by the Australian Federal Police, in this case, Michael Buck Wheeler, because the National Police did not yet have a forensic computer laboratory. The results of the report are outlined in the form of a Forensic Computing Report on the Analysis of Electronic Media 27 Originating from the confiscation of electronic devices: Hard drive Maxtor 20GB serial number 661206052773 entitled "HD HP Vetra 1"; Hard drive Maxtor 20GB serial number 66120606143 titled "HD HP Vetra 2"; Seagate 10.2GB IDE hard drive serial number 7EG1RMFC titled "HD Nokia Check Point"; Maxtor 40GB IDE hard drive serial number F1E4H1DE titled "KPU Harddisk"; Harddisk Quantum 20GB IDE SN 6163024130776 titled "HD Color Warnet". The results of the forensic computer analysis of evidence in hard disks are as follows: Partition 2 is installed with Windows Server 2003 Operating System. This operating system has a data structure called the "registry," an operating environment database. When an operating system is installed, it will ask the user for certain things, including their name, organization name, operating system key, and time zone setting. The data is stored in the Registry. For partition 1 are as follows: Registered user: "XNUXER"; Registered organization: Operating system: "Microsoft Windows Server 2003"; Install Date/Time: "05/03/04 09:04:54PM"; Time Zone: "SE-A-s-i-a-S-t-a-n-d-a-r-T-i-m-e." Microsoft Windows Server 2003 allows the creation of different profiles to structure users' environments and applications. The profiles of the users in Partition 2 are "_vmware_user_"; "Administrator"; "Guests"; "Devs"; "IUSER_XNUXER"; "IWAM_XNUXER"; ""Support_388945a0".
Appendix AO1 refers to the identified name "mixer" with the following command: Cp pf.conf pf.conf.number, The cp command copies the first argument in the string to the second one. In this case, rename the file "pf.conf" and the new file "pc.conf.xnuxer". The contents of the file are irrelevant to the scope of the analysis. Located in the path "\var\log\" Exhibit 4, this file maintains authentication logs of server operations on the local machine. Also located in the logs are the following sessions, which show that the user "xnuxer" connected to the machine identified as Exhibit 4 (Cafe) and the IP address 202.158.10.117 on port 57997 on April 20 at 14:05:01. Several different connections have been recorded using this username. Stored in Appendix B011, located on the second disk partition identified as Exhibit 1_1, there are fragments of the word that. Also available on the website "tnp.kpu.go. id/Tabulation/default.asp: suspected. Located on the second disk partition identified as Exhibit 1_1 is the installed application "Opera" version 7. This application is a multi-featured web browsing application that also contains email, chat, and contact logging capabilities.
The Opera application was extracted, and a screen capture was taken to show the available contacts and email showing the user "user" and the name "Dani Firmansyah." "Vlink.dat": This file contains the history of visited links with the appropriate date and time. Files located at "\Documents and Settings\Administrator\Apptication\Data\Opera\Opera?\profile\vlink4.dat" were analyzed and found to contain data relevant to investigators. It includes on page 70 the following string relating to the website "tnp.kpu.go.id/Tabulasi/default.asp" and an attempt to write the string "Exnuxer found bug XSS on KPU" Analysis of the Global.dat file located in "\Documents and Settings\Administrator\Application\Data\Opera\Opera7\profile\global.dat" reveals that username "Xnuxer" has used the browser for various activities. In addition, the transaction analysis in this file provides a comprehensive view of the types of activity performed using the browser, including email, based on web and site preferences.
The various files are located in the disk's first partition, identified as Exhibit 1_1; there is a file called "XNUXER-16-04-2004.ISO" in the "C/DATA" directory. An ISO image is an image of a CDROM that has been saved in a format that conforms to the ISO9660 format. Based on the results of an analysis report from the Australian Federal Police's computer forensic laboratory on the hard drive, the National Police have clues that the name "Xnuxer" is another name for Dani Firmansyah as the perpetrator of illegal access to the KPU.
The case after the promulgation of the ITE Law that has become in the public spotlight is the case of changes in appearance and data from the Polri website in 2011 by Andi Kurniawan alias Fandiekun. One of the pieces of evidence used is electronic evidence, in which the electronic evidence is analyzed based on the data contained in the evidence: Polri website server, namely  118.136.45.140. Access recorded as much as one hits. Based on a black and white personal computer with a western digital WD 5001AALS caviar black hard drive with a capacity of 500 GB, S/N: WMATV5056309, the following analysis results were obtained: The Havij-Advance SQL Injection Tools program version 1.14 free is installed on the western digital hard drive WD5001AALS caviar black Sn. WMATV5956309, with a capacity of 500 GB, is a program that is used to scan a website to find and detect security holes in that website. The program nmap5.00-3_i386.deb, nmap (network mapper) is used for network exploration or security audits.
Andi Kurniawan's data is in photos contained in my photo folder. Based on the results of forensic computer analysis of the evidence, information was found that Andi Kurniawan used the Havij and NMAP programs to enter the Polri website by first scanning using the NMAP program. Then, after obtaining gaps in information on the Polri website, Andi Kurniawan used the Havij program to break into-the police website. However, there is an oddity in Andi Kurniawan's case because the log file of searches on the internet from Telkom that was used as evidence was a log file dated May 11, 2011, not a log file dated May 16, 2011, while the incident of changing website content through illegal access was carried out on May 16, 2011.
The results of forensic computer analysis of laptops and hard drives owned by the National Police only provide information that Andi Kurniawan installed software in the form of a computer program on his laptop to find loopholes and enter the Polri website using IP 125.163.230.137 on May 11, 2011, and ending on the same date without incident. They are Changing website content unlawfully (website defacement). This is corroborated by log information containing on May 11, 2011, Andi Kurniawan only conducted information gathering and database enumeration (collection of detailed and in-depth information) with the command characteristics "UNION+ALL+SELECT" and "SELECT+FROM." Details are as follows: Thus, for the crime of illegal access to the website and changes to website content on May 16, 2011, even though they had used computer forensics, the National Police did not have sufficient evidence to charge Andi Kurniawan because there was no connection between changes to the appearance of the website and computer forensics reports-furthermore, the actions committed by Andi Kurniawan. In the cases of Dani Firmansyah and Andi Kurniawan, all evidence was subject to forensic computer analysis by an expert or computer forensic analyst to maintain the integrity of the data contained in the seized evidence, in this case, the hard drive. This is aimed at keeping the electronic information or documents contained therein unchanged so that their authenticity can be guaranteed to become a standard for electronic evidence. 28 Computer forensics can be a guarantor for the authenticity of electronic evidence in criminal procedural law in the future. 29 In both the cases of Dani Firmansyah and Andi Kurniawan, computer forensics was used to dig up electronic information or electronic documents related to the crime of illegal access to websites to be used as evidence.
Computer forensics can anticipate recognizing electronic evidence in the Draft Criminal Procedure Code as a future formal criminal law. Article 175 of the Criminal Procedure Code details legal evidence as follows: evidence, letters, electronic evidence, expert testimony, testimony of a witness, statement of the accused, And-judge's observation. Article 175 letter c of the Draft Criminal Procedure Code (RUU KUHAP) acknowledges the existence of electronic evidence as valid evidence. The elucidation of Article 175 letter c provides the meaning of electronic evidence as follows: information that is spoken, sent, received, or stored electronically with optical devices or something similar to that, including any recorded data or information that can be seen, read, or heard which can be issued with or without the help of some means, whether written on paper, any physical object other than paper or recorded electronically in the form of writing, drawings, maps, plans, photographs, letters, signs, numbers or perforations that have meaning.
Electronic information or documents may only guarantee their integrity with a forensic computer. Based on this, computer forensics is the latest criminal legal aid (procedure) because it tests the reliability of electronic information/electronic documents and crimes using technology and information facilities. The significant location of computer forensics in the crime of illegal access to websites is to maintain the integrity of electronic evidence in the form of electronic information or electronic documents as stipulated in the ITE Law so that it can be used as valid evidence in court.

Conclusion
Computer forensics by an expert as an aid in criminal procedural law has been used both before and after the promulgation of the ITE Law. Computer forensics in a crime related to electronic 28 A.F. Moussa, "Electronic evidence and its authenticity in forensic evidence." Egypt J Forensic Sci 11, 20 (2021). https://doi. org/10.1186/s41935-021-00234-6. 29 Guan Zheng Hong Wu, "Electronic evidence in the blockchain era: New rules on authenticity and integrity," Computer Law & Security Review, Volume 36, (2020), 105401, ISSN 0267-3649, https://doi.org/10.1016/j.clsr.2020.105401. devices has a significant role in maintaining the integrity of electronic information or documents contained in electronic devices to be used as evidence in court. Computer forensics can only be performed by a forensic computer expert/analyst. With computer forensic expertise, it is possible to know the integrity of electronic data in the form of information or electronic documents contained in electronic devices.