Sally Mosaad Mohamed <br/><br/>
A Postmortem Forensic Analysis for a JavaScript Based Attack /  
Sally Mosaad Mohamed 
 -  2017 
 - 77 p.   ill.   21 cm.  
<br/><br/>Supervisor: Ahmed Fahmy 
<br/><br/>Thesis (M.A.)—Nile University, Egypt, 2017 . 
<br/><br/>"Includes bibliographical references" 
<br/><br/>Contents:<br/>1 AnOverviewofWebBrowsersandTheirPossibleAttacks 1<br/>1.1 InternetBrowsers . ........................... 1<br/>1.2 Webbasedattacks . .......................... 4<br/>1.2.1 Drive-by-Download . ...................... 6<br/>2 DrivebyDownloadAttackandWebBrowserForensics 13<br/>2.1 BrowserForensics . ........................... 16<br/>2.1.1 BrowserForensicTool(BFT): . ................ 19<br/>2.1.2 NETANALYSIS: . ....................... 19<br/>2.1.3 Nirsoft: . ............................ 21<br/>2.1.4 InternetEvidenceFinder(IEF): . ............... 22<br/>2.1.5 CacheBack: . .......................... 22<br/>3 ProposedSystemDescription 27<br/>3.0.6 DataGathering: . ........................ 30<br/>3.0.7 DataAnalysis . ......................... 32<br/>3.0.8 DataClassication . ...................... 35<br/>4 ExperimentandFindings 39<br/>5 ConclusionandFutureWork 45<br/>A FirefoxExtensionSourceCode 47<br/>B AnalyzerSourceCode<br/>C AnalyzerOutputData 54<br/>Bibliography 
<br/><br/> Abstract:<br/>In recentyears,attacksthattargetbrowsers'vulnerabilitieshaveincreasedsignif-<br/>icantly.Aninnocentusermaybeluredtoaccessuntrustedwebsiteandmalicious<br/>contentpassivelydownloadedandexecutedbyher/hiswebbrowser.Thisattack<br/>vectorisknownas,Drive-by-Downloadattack.Systemsandsecurityresearchers<br/>haveaddressedthisattackfromdierentperspectives.Severaltechniquesandtools<br/>wereintroducedtodetectandpreventDrive-by-Downloadattack.However,few<br/>researcheshaveaddressesthebrowserforensicsperspectivesto(1)identifytraces<br/>(2) reconstructtheexecutedeventsofadownloadedmaliciouscontent,toassist<br/>the digitalforensicinvestigationprocess.Inthisstudy,adigitalforensicmethodis<br/>introducedtoinvestigateawebbrowsersubjecttoDrive-by-Downloadattack.We<br/>developedaProof-of-ConceptimplementationbasedonFirefoxbrowser-extension<br/>to inspectandanalyzemaliciousURLsthathostmaliciousexecutables.The<br/>developedsystemistestedusinganumberofmaliciouswebpagesandsuccess-<br/>fully identiedthedigitalevidenceoftheattack.81%oftheidentiedevidence<br/>wereartifactsthatwebelievecouldassistforensicinvestigatorstodetermineif<br/>a web-browserorasystemsubjecttoexaminationiscompromisedornot,and<br/>the indicationsofcompromises.Theindicationforcompromisecouldbeadown-<br/>loaded maliciouscode,acreatedtemporaryleand/oralinktomaliciousserver<br/>that downloadedmalwareintothesystem. 
<br/><br/><br/>Text in English, abstracts in English. 
<br/><br/><label>Subjects--Topical Terms: </label><br/>Informatics-IFM
<br/><br/><label>Index Terms--Genre/Form: </label><br/>Dissertation, Academic
<br/><br/><label>Dewey Class. No.: </label>610