Finding Forensic Evidence for Several Web Attacks

Suteva, Natasa and Mileva, Aleksandra and Loleski, Mario (2015) Finding Forensic Evidence for Several Web Attacks. International Journal of Internet Technology and Secured Transactions, 6 (1). pp. 64-78. ISSN online 1748-5703 (print 1748-569X)


Download (430Kb) | Preview
Official URL:


Symantec Internet Security Threat Report 2014 is showing a horrified fact, that when an attacker looked for a site to compromise, one in eight sites made it relatively easy to gain access. Digital forensics is one of our biggest line of defense against cyber criminals, because it provides evidence against them. For attacks against web applications, web application forensics is the branch which gives most of the answers. First, the victim machine usually gives some data, which are then used for identifying possible suspects, and this is followed by forensic analysis of suspects' devices, like computers, laptops, tablets, and even smart phones. In this paper, we use an attack scenario against the known vulnerable web application WackoPicko, using several web attacks: SQL injection, stored and reflected XSS, remote file inclusion, and commandline injection. We use post-mortem computer forensic analysis of attacker and victim machine to find some artefacts in them, which can help to identify and possible to reconstruct the attack, and most important, to obtain valid evidence which holds in court. We assume that the attacker was careless and did not perform any anti-forensic techniques on its machine.

Item Type: Article
Subjects: Natural sciences > Computer and information sciences
Divisions: Faculty of Computer Science
Faculty of Economics
Faculty of Educational Science
Faculty of Electrical Engineering
Depositing User: Aleksandra Mileva
Date Deposited: 02 Jan 2016 10:50
Last Modified: 04 Feb 2016 13:12

Actions (login required)

View Item View Item