The proliferation of cybercrime activities, particularly those leveraging web servers for illicit purposes such as distributing hoaxes, hosting illegal online gambling, and spreading malware, underscores a pressing demand for a standardized digital forensic framework. Existing methodologies, like simple IP blocking, have proven insufficient in guaranteeing the integrity and admissibility of digital evidence in legal proceedings. This research introduces a comprehensive seizure and acquisition framework specifically engineered to manage digital evidence from both on-premise and cloud-based web servers. A core emphasis of this framework is live acquisition to preserve volatile data and ensure minimal service disruption. The framework systematically addresses critical challenges by focusing on legal authorization, precise server type identification and technical preparation, judicious forensic tool selection, rigorous evidence integrity validation through hashing, diligent Chain of Custody (CoC) documentation, and secure data storage. Tested through simulations of on-premise and cloud server seizures, the framework demonstrated its capacity to uphold evidence integrity and legal compliance. While robust, Subject Matter Expert (SME) validation indicated areas for optimization, particularly in cloud-native contexts and the automation of Chain of Custody documentation. This study marks a pivotal advancement towards standardizing web server seizure procedures, thereby ensuring that digital evidence remains valid, intact, and legally admissible in court.
Irwan Hariyanto
Yudi Prayudi
Rimba Whidiana Ciptasari
International Journal of Advanced Computer Science and Applications
Hariyanto et al. (Thu,) studied this question.
www.synapsesocial.com/papers/69fbe382164b5133a91a2aed — DOI: https://doi.org/10.14569/ijacsa.2026.0170475