| 000 | 03037nam a22002537a 4500 | ||
|---|---|---|---|
| 008 | 210111b2017 a|||f mb|| 00| 0 eng d | ||
| 040 |
_aEG-CaNU _cEG-CaNU |
||
| 041 | 0 |
_aeng _beng |
|
| 082 | _a610 | ||
| 100 | 0 |
_aSally Mosaad Mohamed _9268 |
|
| 245 | 1 |
_aA Postmortem Forensic Analysis for a JavaScript Based Attack / _cSally Mosaad Mohamed |
|
| 260 | _c2017 | ||
| 300 |
_a77 p. _bill. _c21 cm. |
||
| 500 | _3Supervisor: Ahmed Fahmy | ||
| 502 | _aThesis (M.A.)—Nile University, Egypt, 2017. | ||
| 504 | _a"Includes bibliographical references" | ||
| 505 | 0 | _aContents: 1 An Overview of Web Browsers and Their Possible Attacks -- 1.1 Internet Browsers -- 1.2 Web based attacks -- 1.2.1 Drive-by-Download -- 2 Drive by Download Attack and Web Browser Forensics -- 2.1 Browser Forensics -- 2.1.1 Browser Forensic Tool (BFT) -- 2.1.2 NETANALYSIS -- 2.1.3 Nirsoft -- 2.1.4 Internet Evidence Finder (IEF) -- 2.1.5 CacheBack -- 3 Proposed System Description -- 3.0.6 Data Gathering -- 3.0.7 Data Analysis -- 3.0.8 Data Classification -- 4 Experiment and Findings -- 5 Conclusion and Future Work -- A Firefox Extension Source Code -- B Analyzer Source Code -- C Analyzer Output Data -- Bibliography | |
| 520 | 3 | _aAbstract: In recent years, attacks that target browsers' vulnerabilities have increased significantly. An innocent user may be lured to access untrusted website and malicious content passively downloaded and executed by her/his web browser. This attack vector is known as, Drive-by-Download attack. Systems and security researchers have addressed this attack from different perspectives. Several techniques and tools were introduced to detect and prevent Drive-by-Download attack. However, few researches have addressed the browser forensics perspectives to (1) identify traces (2) reconstruct the executed events of a downloaded malicious content, to assist the digital forensic investigation process. In this study, a digital forensic method is introduced to investigate a web browser subject to Drive-by-Download attack. We developed a Proof-of-Concept implementation based on Firefox browser-extension to inspect and analyze malicious URLs that host malicious executables. The developed system is tested using a number of malicious web pages and successfully identified the digital evidence of the attack. 81% of the identified evidence were artifacts that we believe could assist forensic investigators to determine if a web-browser or a system subject to examination is compromised or not, and the indications of compromises. The indication for compromise could be a downloaded malicious code, a created temporary file and/or a link to malicious server that downloaded malware into the system. | |
| 546 | _aText in English, abstracts in English. | ||
| 650 | 4 |
_aInformatics-IFM _9266 |
|
| 655 | 7 |
_2NULIB _aDissertation, Academic _9187 |
|
| 690 |
_aInformatics-IFM _9266 |
||
| 942 |
_2ddc _cTH |
||
| 999 |
_c8793 _d8793 |
||