A Postmortem Forensic Analysis for a JavaScript Based Attack

Authors: Sally Mosaad, Nashwa Abdelbaki, Ahmed F. Shosha

DOI: 10.1007/978-3-319-58424-9_5

Keywords:

Abstract: Nowadays, users and corporations are more connected to the web. A user accesses her/his sensitive business and non-business applications using a web browser. There are numerous browser-based attacks, many of them implemented in JavaScript. One of these is Drive-by-Download. Security researchers have introduced several tools and techniques to detect and/or prevent this serious attack. Few address browser forensics to identify attack traces/evidence and reconstruct the executed events and the downloaded malicious content. In this study, we introduce a postmortem forensic methodology that investigates a browser subjected to a Drive-by-Download attack. We develop a Firefox extension (FEPFA) to delve into URLs. The developed system, tested on pages, successfully identifies digital evidence; the majority of the evidence collected was non-volatile and could assist the investigator in analysis.

References (22)
Giancarlo De Maio, Alexandros Kapravelos, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna. PExy: The Other Side of Exploit Kits. International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 132-151 (2014). DOI: 10.1007/978-3-319-08509-8_8
Blake Hartstein, Matthew Richard, Steven Adair, Michael Ligh. Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code (2010).
Boxuan Gu, Wenbin Zhang, Xiaole Bai, Adam C. Champion, Feng Qin, Dong Xuan. JSGuard: Shellcode Detection in JavaScript. International Conference on Security and Privacy in Communication Systems, pp. 112-130 (2012). DOI: 10.1007/978-3-642-36883-7_8
Alexandros Kapravelos, Yan Shoshitaishvili, Marco Cova, Christopher Kruegel, Giovanni Vigna. Revolver: An Automated Approach to the Detection of Evasive Web-based Malware. USENIX Security Symposium, pp. 637-652 (2013).
Paruj Ratanaworabhan, Benjamin Livshits, Benjamin Zorn. NOZZLE: A Defense Against Heap-Spraying Code Injection Attacks. USENIX Security Symposium, pp. 169-186 (2009).
Christopher Kruegel, Giovanni Vigna, Yanick Fratantonio. Shellzer: A Tool for the Dynamic Analysis of Malicious Shellcode. Lecture Notes in Computer Science, pp. 61-80 (2011). DOI: 10.1007/978-3-642-23644-0_4
Timon Van Overveldt, Christopher Kruegel, Giovanni Vigna. FlashDetect: ActionScript 3 Malware Detection. Research in Attacks, Intrusions, and Defenses, pp. 274-293 (2012). DOI: 10.1007/978-3-642-33338-5_14
Junghoon Oh, Seungbong Lee, Sangjin Lee. Advanced Evidence Collection and Analysis of Web Browser Activity. Digital Forensic Research Workshop, vol. 8 (2011). DOI: 10.1016/J.DIIN.2011.05.008
Marco Cova, Christopher Kruegel, Giovanni Vigna. Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code. The Web Conference, pp. 281-290 (2010). DOI: 10.1145/1772690.1772720
Pavel Laskov, Nedim Šrndić. Static Detection of Malicious JavaScript-Bearing PDF Documents. Annual Computer Security Applications Conference, pp. 373-382 (2011). DOI: 10.1145/2076732.2076785