
Integrated Forensic Tool for Network Attacks

  • Chia-Mei Chen
  • Gu-Hsin Lai
  • Zheng-Xun Tsai
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 895)

Abstract

With the proliferation of cyber-attacks, digital forensics, also known as computer forensics, becomes increasingly important for collecting and analyzing the traces that attackers leave behind. Through data acquisition, collection, preservation, analysis, examination and report generation, network administrators are able to trace attackers and assess the loss. However, digital forensics is difficult, since attackers tend to clean up the evidence of their presence, and the variety of devices and log formats further increases the challenge. Existing digital forensic tools usually support only some of the tasks in the forensic process rather than the whole of it. To make things harder for forensic investigators, these tools typically do not interoperate with each other. In order to ease the burden on investigators and make digital forensics accessible to general users, this research proposes an integrated system that facilitates evidence acquisition, testing, analysis, and reporting in a unified manner. The proposed system is expected to enhance the efficiency of digital forensic work.

Keywords

Digital forensics; Computer forensics; Tools integration


Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Department of Information Management, National Sun Yat-sen University, Kaohsiung, Taiwan
  2. Department of Technology Crime Investigation, Taiwan Police College, Taipei, Taiwan
