Cyber Weaponry pp 101-112 | Cite as

Double-Edged Sword: Dual-Purpose Cyber Security Methods

  • Angela S. M. Irwin
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


Using forensics techniques, organizations can uncover vital evidence and information regarding intrusion methods and techniques, what actions an intruder took when inside the system or network and what information was taken. However, anti-forensic techniques are being used by cyber-criminals to remove the traces which can be used to successfully investigate their intrusion or cover the fact that an intrusion has taken place. Many of the modern cyber-security programs that are used to defend networks, and the data held within them, are being used by those who would wish to enter these systems without permission—they are a double-edged sword. Cyber-security applications provide important advantages to security professionals. Nevertheless, these advantages are reduced, or lost, when they are used by cyber-criminals in an anti-forensics manner. This chapter explores how common security techniques and methods, such as system logging, vulnerability scanning, and network monitoring, can be misused by cyber-criminals to hide their presence on the network. It then explores some simple security practices and approaches that can be used by network defenders to reduce the effectiveness of these anti-forensic practices.


Anti-forensic techniques Intrusion detection System monitoring Vulnerability scanning Network monitoring 


  1. Apple Inc. (2004) Syslogd.8 [Online]. Available at: Accessed 10 July 2017
  2. Bartlett G, Heidemann J, Papadopoulos C (2007) Understanding passive and active service discovery [Online]. Available at: Accessed 10 July 2017
  3. du Toit J (2015) How network architecture can affect the reliability of your reports [Online]. Available at: Accessed 10 July 2017
  4. Foreman P (2010) Vulnerability management. Taylor & Francis Group, Boca Raton, p 1Google Scholar
  5. F-Secure (2017) WannaCry, the biggest ransomware outbreak ever [Online]. Available at: Accessed 10 July 2017
  6. InfoSec Institute (2015) The importance of cyber hygiene in cyberspace [Online]. Available at: Accessed 10 July 2017
  7. Jepson B, Rothman E, Rosen R (2008) Mac OS X for Unix geeks, 4th edn. O’Reilly Media, Inc, SebastopolGoogle Scholar
  8. Jiang T, Liu J, Han Z (2004) Secure audit logs with forward integrity message authentication codes. ICSP’04 proceedings, pp 2655–2658Google Scholar
  9. Juuso A-M, Takanen A (2010) Unknown vulnerability management. Codenomicon whitepaper [Online]. Available at: Accessed 10 July 2017
  10. Khan S, Gani A, Wahab AWA, Bagiwa MA, Shiraz M, Khan SU, Buyya R, Zomaya AY (2016) Cloud log forensics: foundations, state of the art, and future directions. ACM Comput Surv 49(1):1–42CrossRefGoogle Scholar
  11. Lantz B, Hall R, Couraud J (2006) Locking down log files: enhancing network security by protecting log files. Issues Inf Secur 7(2):45Google Scholar
  12. Lavrova D, Pechenkin A (2015) Applying correlation and regression analysis to detect security incidents in the internet of things. Int J Commun Netw Inf Secur Kohat 7(3):131–137Google Scholar
  13. Maintain (2008) Manage log files [Online]. Available at: Accessed 10 July 2017
  14. Mao HH, Wu JC, Papalexakis EE, Faloutsos C, Lee KC, Kao TC (2014) MalSpot: Multi2 malicious network behavior patterns analysis. In: Advances in knowledge discovery and data mining. Springer, Berlin, pp 1–14Google Scholar
  15. Mertka B (2017) Security and privacy issues in NG112 [Online]. Available at: Accessed 11 July 2017
  16. Orrill J (2017) What is the difference between active & passive vulnerability scanners? [Online]. Available at: Accessed 11 July 2017
  17. Prunckun H (2012) Counterintelligence theory and practice. Rowman & Littlefield, LanhamGoogle Scholar
  18. Scott C (2008) Covering the tracks on the MAC OS X Leopard. SANS Institute InfoSec Reading Room [Online]. Available at: Accessed 11 July 2017
  19. Skoudis E (2001) Defending your log files [Online]. Available at: Accessed 10 July 2017
  20. Skoudis E (2007) Hacker techniques, exploits, & incident handling. The SANS Institute, BethesdaGoogle Scholar
  21. Symantec (2016) What is a zero-day vulnerability? [Online]. Available at: Accessed 10 June 2017
  22. Trend Micro (2017) Exploit kit [Online]. Available at: Accessed 10 July 2017
  23. Van der Aalst WMP, de Medeiros AKA (2005) Process mining and security: detecting anomalous process executions and checking process conformance. Electron Notes Theor Comput Sci 121:3–21CrossRefGoogle Scholar
  24. Verizon (2015) 2015 data breach investigations report [Online]. Available at: Accessed 10 July 2017
  25. Verizon (2017) 2017 data breach investigation report [Online]. Available at: Accessed 10 July 2017

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Department of Security Studies and CriminologyMacquarie UniversitySydneyAustralia

Personalised recommendations