A Postmortem Forensic Analysis for a JavaScript Based Attack / Sally Mosaad Mohamed

By:

Sally Mosaad Mohamed

Material type: Text

TextLanguage: English Summary language: English Publication details: 2017Description: 77 p. ill. 21 cmSubject(s):

Genre/Form:

Dissertation, Academic

DDC classification:

Contents:

Contents: 1 AnOverviewofWebBrowsersandTheirPossibleAttacks 1 1.1 InternetBrowsers . ........................... 1 1.2 Webbasedattacks . .......................... 4 1.2.1 Drive-by-Download . ...................... 6 2 DrivebyDownloadAttackandWebBrowserForensics 13 2.1 BrowserForensics . ........................... 16 2.1.1 BrowserForensicTool(BFT): . ................ 19 2.1.2 NETANALYSIS: . ....................... 19 2.1.3 Nirsoft: . ............................ 21 2.1.4 InternetEvidenceFinder(IEF): . ............... 22 2.1.5 CacheBack: . .......................... 22 3 ProposedSystemDescription 27 3.0.6 DataGathering: . ........................ 30 3.0.7 DataAnalysis . ......................... 32 3.0.8 DataClassication . ...................... 35 4 ExperimentandFindings 39 5 ConclusionandFutureWork 45 A FirefoxExtensionSourceCode 47 B AnalyzerSourceCode C AnalyzerOutputData 54 Bibliography

Dissertation note: Thesis (M.A.)—Nile University, Egypt, 2017 . Abstract: Abstract: In recentyears,attacksthattargetbrowsers'vulnerabilitieshaveincreasedsignif- icantly.Aninnocentusermaybeluredtoaccessuntrustedwebsiteandmalicious contentpassivelydownloadedandexecutedbyher/hiswebbrowser.Thisattack vectorisknownas,Drive-by-Downloadattack.Systemsandsecurityresearchers haveaddressedthisattackfromdierentperspectives.Severaltechniquesandtools wereintroducedtodetectandpreventDrive-by-Downloadattack.However,few researcheshaveaddressesthebrowserforensicsperspectivesto(1)identifytraces (2) reconstructtheexecutedeventsofadownloadedmaliciouscontent,toassist the digitalforensicinvestigationprocess.Inthisstudy,adigitalforensicmethodis introducedtoinvestigateawebbrowsersubjecttoDrive-by-Downloadattack.We developedaProof-of-ConceptimplementationbasedonFirefoxbrowser-extension to inspectandanalyzemaliciousURLsthathostmaliciousexecutables.The developedsystemistestedusinganumberofmaliciouswebpagesandsuccess- fully identiedthedigitalevidenceoftheattack.81%oftheidentiedevidence wereartifactsthatwebelievecouldassistforensicinvestigatorstodetermineif a web-browserorasystemsubjecttoexaminationiscompromisedornot,and the indicationsofcompromises.Theindicationforcompromisecouldbeadown- loaded maliciouscode,acreatedtemporaryleand/oralinktomaliciousserver that downloadedmalwareintothesystem.

Tags from this library: No tags from this library for this title. Log in to add tags.

Average rating: 0.0 (0 votes)

Holdings
Item type	Current library	Call number	Status	Date due	Barcode
Thesis	Main library	610/ SM.P 2017 (Browse shelf(Opens below))	Not For Loan

Browsing Main library shelves Close shelf browser (Hides shelf browser)

Previous	No cover image available No cover image available	No cover image available No cover image available	No cover image available No cover image available	No cover image available No cover image available	No cover image available No cover image available	No cover image available No cover image available	No cover image available No cover image available	Next
Previous	610/ SE.I 2013 Implementation of Work Flow Integration Techniques in Tavaxy for Bioinformatics Applications /	610/ SE.R 2013 Registration Analysis of Retinal Fluorescein Angiograms	610/ SE.S 2015 Scale Adaptive Object Tracking With Diverse Ensemble /	610/ SM.P 2017 A Postmortem Forensic Analysis for a JavaScript Based Attack /	610/ SZ.E 2013 Efficient Distributed Computation of Maximal Exact Matches /	610/ T.K.C 2016 Confidence aware incremental learning approach for named entity linking /	610/T.Y.K/2024 Keyed Watermarks : A Fine-grained Watermark Generation for Apache Flink	Next

Supervisor: Ahmed Fahmy

Thesis (M.A.)—Nile University, Egypt, 2017 .

"Includes bibliographical references"

Contents:
1 AnOverviewofWebBrowsersandTheirPossibleAttacks 1
1.1 InternetBrowsers . ........................... 1
1.2 Webbasedattacks . .......................... 4
1.2.1 Drive-by-Download . ...................... 6
2 DrivebyDownloadAttackandWebBrowserForensics 13
2.1 BrowserForensics . ........................... 16
2.1.1 BrowserForensicTool(BFT): . ................ 19
2.1.2 NETANALYSIS: . ....................... 19
2.1.3 Nirsoft: . ............................ 21
2.1.4 InternetEvidenceFinder(IEF): . ............... 22
2.1.5 CacheBack: . .......................... 22
3 ProposedSystemDescription 27
3.0.6 DataGathering: . ........................ 30
3.0.7 DataAnalysis . ......................... 32
3.0.8 DataClassication . ...................... 35
4 ExperimentandFindings 39
5 ConclusionandFutureWork 45
A FirefoxExtensionSourceCode 47
B AnalyzerSourceCode
C AnalyzerOutputData 54
Bibliography

Abstract:
In recentyears,attacksthattargetbrowsers'vulnerabilitieshaveincreasedsignif-
icantly.Aninnocentusermaybeluredtoaccessuntrustedwebsiteandmalicious
contentpassivelydownloadedandexecutedbyher/hiswebbrowser.Thisattack
vectorisknownas,Drive-by-Downloadattack.Systemsandsecurityresearchers
haveaddressedthisattackfromdierentperspectives.Severaltechniquesandtools
wereintroducedtodetectandpreventDrive-by-Downloadattack.However,few
researcheshaveaddressesthebrowserforensicsperspectivesto(1)identifytraces
(2) reconstructtheexecutedeventsofadownloadedmaliciouscontent,toassist
the digitalforensicinvestigationprocess.Inthisstudy,adigitalforensicmethodis
introducedtoinvestigateawebbrowsersubjecttoDrive-by-Downloadattack.We
developedaProof-of-ConceptimplementationbasedonFirefoxbrowser-extension
to inspectandanalyzemaliciousURLsthathostmaliciousexecutables.The
developedsystemistestedusinganumberofmaliciouswebpagesandsuccess-
fully identiedthedigitalevidenceoftheattack.81%oftheidentiedevidence
wereartifactsthatwebelievecouldassistforensicinvestigatorstodetermineif
a web-browserorasystemsubjecttoexaminationiscompromisedornot,and
the indicationsofcompromises.Theindicationforcompromisecouldbeadown-
loaded maliciouscode,acreatedtemporaryleand/oralinktomaliciousserver
that downloadedmalwareintothesystem.

Text in English, abstracts in English.

There are no comments on this title.

to post a comment.