Finding forensic evidence for several web attacks
Online publication date: Wed, 30-Dec-2015
by Nataša Šuteva; Aleksandra Mileva; Mario Loleski
International Journal of Internet Technology and Secured Transactions (IJITST), Vol. 6, No. 1, 2015
Abstract: The Symantec Internet Security Threat Report 2014 reports a horrifying fact: when an attacker looked for a site to compromise, one in eight sites made it relatively easy to gain access. Digital forensics is one of our biggest lines of defense against cyber criminals, because it provides evidence against them. For attacks against web applications, web application forensics is the branch that gives most of the answers. First, the victim machine usually gives some data, which are then used for identifying possible suspects, and this is followed by forensic analysis of the suspects' devices, such as computers, laptops, tablets, and even smartphones. In this paper, we use an attack scenario against the known vulnerable web application WackoPicko, using several web attacks: SQL injection, stored and reflected XSS, remote file inclusion, and command-line injection. We use post-mortem computer forensic analysis of the attacker and victim machines to find artefacts in them that can help to identify and possibly reconstruct the attack and, most importantly, to obtain valid evidence that holds in court. We assume that the attacker was careless and did not perform any anti-forensic techniques on their machine.