Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Literature Survey & Comparative Study
Proposed Methodology
Conclusion & Future Work
References
All Topics
Computer Science
Computer Science Applications

A Survey : Server timeline analysis for web forensics

Profile image of Hitesh GuptaHitesh Gupta

2013

Abstract

This paper describes an extensive study on the existing methods and techniques for the web server analysis. The web server analysis is important in forensic study as it analyses the web log files to discover user-accessing patterns of web pages. In order to effectively manage and report on a website related to any miss happening, it is necessary to get feedback about activity on the web servers. The aim of this study is to help the web designer and web administrator to improve the impressiveness of a website by determining occurred link connections on the website. Therefore, web logs files are pre- processed and then path analysis technique is used to investigate the URL information concerning access to electronic sources. The proposed methodology is applied to the web log files in the web server. The results and findings of this experimental study will be used by the forensic investigators for the investigative purpose. On the other side, the proposed timeline analysis can be used ...

Related papers

Computer forensic analisys of some web attacks
Natasa Suteva

World Congress on Internet Security (WorldCIS-2014), 2014

Symantec Internet Security Threat Report 2014 is showing a horrified fact, that when an attacker looked for a site to compromise, one in eight sites made it relatively easy to gain access. Many attackers are arrested due to the evidences obtained by computer forensics. The victim machine usually gives some data, which are then used for identifying possible suspects, which is followed by forensic analysis of their devices, like computers, laptops, tablets, and even smart phones. In this paper, we use an attack scenario on the known vulnerable web application WackoPicko, of three types of attacks: SQL Injection, stored XSS, and remote file inclusion, usually performed by using a web browser. We use post-mortem computer forensic analysis of attacker and victim machine to find some artifacts in them, which can help to identify and possible to reconstruct the attack, and most important to obtain valid evidence which holds in court. We assume that the attacker was careless and did not perform any anti-forensic techniques on its machine.

View PDFchevron_right
Computer Forensic Analysis of Some Web Attacks
Natasa Suteva

2014

Symantec Internet Security Threat Report 2014 is showing a horrified fact, that when an attacker looked for a site to compromise, one in eight sites made it relatively easy to gain access. Many attackers are arrested due to the evidences obtained by computer forensics. The victim machine usually gives some data, which are then used for identifying possible suspects, which is followed by forensic analysis of their devices, like computers, laptops, tablets, and even smart phones. In this paper, we use an attack scenario on the known vulnerable web application WackoPicko, of three types of attacks: SQL Injection, stored XSS, and remote file inclusion, usually performed by using a web browser. We use post-mortem computer forensic analysis of attacker and victim machine to find some artifacts in them, which can help to identify and possible to reconstruct the attack, and most important to obtain valid evidence which holds in court. We assume that the attacker was careless and did not per...

View PDFchevron_right
A REVIEW OF INTERNET FORENSICS RESEARCH
Merly Thomas

IJCSPUB, 2023

Internet Forensics is a process of preservation, identification, extraction, and documentation of internet activities for investigation purposes. It is a science of determining evidence from internet platforms like emails, Webpages, and social media (SM). Moreover, it helps the forensic team with the best possible approaches and tools to solve complicated internet cases with the tracking of browser history, scripting, and heading information used by the web servers and the sources, substance, patterns, and transmission routes of emails and Web pages. Most widely generated from the Social Media platform followed by Webpages and emails and hence it is necessary to make research such information. The widespread use of Cloud Computing and Social Networking requests has resulted in a thorough investigation of Online Social Forensic investigation. The main concern is security and observing the pointed development in social network operators. This study investigated various kinds of internet forensics such as Email forensics, social media forensic, Network forensic, and Web forensic analysis which the review papers are analyzed using these four forensic analyses. A total of 25 papers were selected for this survey in which the advantages, disadvantages, and experimental studies are discussed.

View PDFchevron_right
Legal and Technical Aspects of Web Forensics
Asaf Varol

2019 7th International Symposium on Digital Forensics and Security (ISDFS), 2019

Web forensics is a discipline that has legal and technical aspects and deals with a continuously expanding problem. This study has been conducted for two reasons-to answer the question ‘Can criminal tendency be detected from web activities?’ and to contribute to technical developments in computer forensics. Criminal records for conventional and cybercrimes committed in Turkey, detection of criminals, the sentences given, and the methods used have been examined. The technical developments in the literature dealing with web forensics have been investigated and emphasis has been laid on the types of crimes to be handled in order to develop new models. The process, method, technique, application and software of the web forensics procedure, which handles web activities, have been investigated. We observed that problems are encountered mainly at the stage of evidence analysis. The crime models that were analyzed in the legal department were determined in order to create a database for new...

View PDFchevron_right
Forensics Investigation of Web Application Security Attacks
Thabet Slimani

International Journal of Computer Network and Information Security, 2015

Nowadays, web applications are popular targets for security attackers. Using specific security mechanisms, we can prevent or detect a security attack on a web application, but we cannot find out the criminal who has carried out the security attack. Being unable to trace back an attack, encourages hackers to launch new attacks on the same system. Web application forensics aims to trace back and attribute a web application security attack to its originator. This may significantly reduce the security attacks targeting a web application every day, and hence improve its security. The aim of this paper is to carry out a detailed overview about the web application forensics. First, we define the web applications forensics, and we present a taxonomic structure of the digital forensics. Then, we present the methodology of a web application forensics investigation. After that, we illustrate the forensics supportive tools for a web application forensics investigation. After that, we present a detailed presentation of a set of the main considered web application forensics tools. Finally, we provide a comparison of the main considered web application forensics tools.

View PDFchevron_right
Finding forensic evidence for several web attacks
Natasa Suteva

International Journal of Internet Technology and Secured Transactions, 2015

Symantec Internet Security Threat Report 2014 is showing a horrified fact, that when an attacker looked for a site to compromise, one in eight sites made it relatively easy to gain access. Digital forensics is one of our biggest line of defense against cyber criminals, because it provides evidence against them. For attacks against web applications, web application forensics is the branch which gives most of the answers. First, the victim machine usually gives some data, which are then used for identifying possible suspects, and this is followed by forensic analysis of suspects' devices, like computers, laptops, tablets, and even smart phones. In this paper, we use an attack scenario against the known vulnerable web application WackoPicko, using several web attacks: SQL Injection, stored and reflected XSS, remote file inclusion, and command-line injection. We use post-mortem computer forensic analysis of attacker and victim machine to find some artifacts in them, which can help to identify and possible to reconstruct the attack, and most important, to obtain valid evidence which holds in court. We assume that the attacker was careless and did not perform any antiforensic techniques on its machine.

View PDFchevron_right
International Association of Scientific Innovation and Research (IASIR) User Identification and Page Error Detection in Web Server Logs 1
Iasir Journals
View PDFchevron_right
Experimental Analysis of Web Browser Sessions Using Live Forensics Method
M Faiz

International Journal of Electrical and Computer Engineering (IJECE), 2018

In today's digital era almost every aspect of life requires the internet, one way to access the internet is through a web browser. For security reasons, one developed is private mode. Unfortunately, some users using this feature do it for cybercrime. The use of this feature is to minimize the discovery of digital evidence. The standard investigative techniques of NIST need to be developed to uncover an ever-varied cybercrime. Live Forensics is an investigative development model for obtaining evidence of computer usage. This research provides a solution in forensic investigation effectively and efficiently by using live forensics. This paper proposes a framework for web browser analysis. Live Forensics allows investigators to obtain data from RAM that contains computer usage sessions. Web browser.

View PDFchevron_right
User Identification and Page Error Detection in Web Server Logs
Iasir Journals
View PDFchevron_right
Web log file analysis: Backlinks and Queries
Mike Thelwall

Aslib Proceedings, 2001

As has been described elsewhere, web log files are a useful source of information about visitor site use, navigation behaviour, and, to some extent, demographics. But log files can also reveal the existence of both web pages and search engine queries that are sources of new visitors. This study extracts such information from a single web log file and uses it to illustrate its value, not only to the site owner but also to those interested in investigating the online behaviour of web users.

View PDFchevron_right

References (39)

  1. K. Coar and D. Robinson. The WWW Common Gateway Interface, Version 1.1. Internet Draft, June 1999.
  2. J. Liberty and D. Hurwitz. Programming ASP.NET. O'REILLY, February 2002
  3. Security Tracker. Vulnerability statistics April 2001-march 2002. http://www.securitytracker.com/learn/statistics.htm l, April 2002.
  4. CERT/CC. "Code Red Worm" Exploiting Buffer Overflow In IIS Indexing Service DLL. Advisory CA-2001-19, July 2001.
  5. M. Roesch. Snort -Lightweight Intrusion Detection for Networks. In Proceedings of the USENIX LISA '99 Conference, November 1999.
  6. Carrier, B.D., Spafford, E.H.: Defining event reconstruction of digital crime scenes. J. Forensic Sci. 49 (2004)
  7. Carrier, B.: An event-based digital forensic investigation framework. In: Digital forensic research workshop (2004) REFERENCES
  8. K. Coar and D. Robinson. The WWW Common Gateway Interface, Version 1.1. Internet Draft, June 1999.
  9. J. Liberty and D. Hurwitz. Programming ASP.NET. O'REILLY, February 2002
  10. Security Tracker. Vulnerability statistics April 2001-march 2002. http://www.securitytracker.com/learn/statistics.htm l, April 2002.
  11. CERT/CC. "Code Red Worm" Exploiting Buffer Overflow In IIS Indexing Service DLL. Advisory CA-2001-19, July 2001.
  12. M. Roesch. Snort -Lightweight Intrusion Detection for Networks. In Proceedings of the USENIX LISA '99 Conference, November 1999.
  13. Carrier, B.D., Spafford, E.H.: Defining event reconstruction of digital crime scenes. J. Forensic Sci. 49 (2004)
  14. Carrier, B.: An event-based digital forensic investigation framework. In: Digital forensic research workshop (2004) REFERENCES
  15. K. Coar and D. Robinson. The WWW Common Gateway Interface, Version 1.1. Internet Draft, June 1999.
  16. J. Liberty and D. Hurwitz. Programming ASP.NET. O'REILLY, February 2002
  17. Security Tracker. Vulnerability statistics April 2001-march 2002. http://www.securitytracker.com/learn/statistics.htm l, April 2002.
  18. CERT/CC. "Code Red Worm" Exploiting Buffer Overflow In IIS Indexing Service DLL. Advisory CA-2001-19, July 2001.
  19. M. Roesch. Snort -Lightweight Intrusion Detection for Networks. In Proceedings of the USENIX LISA '99 Conference, November 1999.
  20. Carrier, B.D., Spafford, E.H.: Defining event reconstruction of digital crime scenes. J. Forensic Sci. 49 (2004)
  21. Carrier, B.: An event-based digital forensic investigation framework. In: Digital forensic research workshop (2004)
  22. Chisum, W.J., Turvey, B.E.: Evidence dynamics: Locard's exchange principle crime reconstruction. J. Behav. Profiling 1(1) (2000)
  23. W. Vogels, "Eventually Consistent," ACM Queue, 4 Dec. 2008; http://queue.acm.org/detail.cfm?id=1466448.
  24. Stephenson, P.: Formal modeling of post-incident root cause analysis. Int. J. Digit. Evid. 2 (2003)
  25. Gladyshev, P., Patel, A.: Finite state machine approach to digital event reconstruction. Digit. Invest. 1 (2004)
  26. Stallard, T.B.:Automated analysis for digital forensic science. Master's thesis, University of California, Davis (2002)
  27. Stallard,T.,Levitt,K.N.:Automated analysis for digital forensic science: Semantic integrity checking. In: ACSAC 160-169 (2003)
  28. Abbott, J., Bell, J., Clark, A., Vel, O.D., Mohay, G.: Automated recognition of event scenarios for digital forensics. In: SAC '06: Proceedings of the 2006 ACM symposium on applied computing pp. 293-300.ACMPress,NewYork (2006)
  29. Elsaesser, C., Tanner, M.C.: Automated diagnosis for computer forensics. Technical report, The MITRE Corporation (2001)
  30. Neuhaus, S., Zeller, A.: Isolating intrusions by automatic experiments. In: Proceedings of the 13th annual network and distributed system security symposium. pp. 71-80 (2006)
  31. Khan M, Chatwin C, Young R. A framework for post-event timeline reconstruction using neural networks. Digital Investigation 2007;4: 146-57.
  32. Olsson J, Boldt M. Computer forensic timeline visualization tool. Digital Investigation 2009;6(S1):S78-87.
  33. Guðjónsson K. Mastering the super timeline with log2timeline. SANS Reading Room; 2010.
  34. Bunting. EnCE study guide; 2008. pp. 235-237.
  35. Carbone R, Bean C. Generating computer forensic super-timelines under Linux; 2011.
  36. Buchholz F, Falk C. In: DFRWS, editor. Design and implementation of Zeitline: a forensic timeline; 2005
  37. Mr.Sushilkumar Chavhan, Ms.S.M.Nirkhi, Visualization Techniques for Digital forensics: A Survey, International Journal of Advanced Computer Research, Volume-2 Number-4 Issue-6 December-2012.
  38. Sutapat Thiprungsri. Miklos A. Vasarhelyi, Cluster Analysis for Anomaly Detection in Accounting Data: An Audit Approach, The International Journal of Research,pp 84,2011.
  39. Gerald Schrenk, Rainer Poisel,‖A Discussion of Visualization Techniques for the Analysis of Digital Evidence‖, International Conference on Availability, Reliability and Security,pp758- 763,2011.

Related papers

Digital Forensic Analyses of Web Browser Records
AYHAN AKBAL

Journal of Software, 2016

The most used applications by the majority of user of computer are web browsers. Users performs their many activities such as, browsing on the internet, download files, use social media applications, accessing e-mail accounts via web browser. Many of the crimes committed on digital resources must be analyzed user activities by examining the records of web browsers. Especially regarding crimes involving entered the URL, access times, browser type, time, downloaded files, search words, such information must be included in the reports of the examiners will create one of the data obtained. Web browser stores user records in different ways. Also, according to user operating systems differ in the locations for storing data. In this study, it is shown that how it should be done the analysis of web browsers on the digital resources which are subject to criminal, the data of different browsers on different operating systems, storage types and data types that can be obtained. In addition, it is showed that, the tools and features used to examine the records in the web browser.

View PDFchevron_right
Creating meaningful data from web logs for improving the impressiveness of a website by using path analysis method
Resul DAŞ

2009

Web usage mining is to analyze web log files to discover user accessing patterns of web pages. In order to effectively manage and report on a website, it is necessary to get feedback about activity on the web servers. The aim of this study is to help the web designer and web administrator to improve the impressiveness of a website by determining occurred link connections on the website.

View PDFchevron_right
Digital Forensic Advanced Evidence Collection and Analysis of Web Browser Activity
Ganesh Majeti

ICST Transactions on Scalable Information Systems

Web browsers are the applications that the majority of computer users utilize the most. Users carry out a wide range of tasks, including accessing the internet, downloading files, and using social media programs, using a web browser to access email accounts. Many crimes committed using digital resources need to be investigated by looking at online browser history. Such information must be included in the reports of the examiners that will generate one of the data gathered, particularly about crimes involving entering the URL, downloaded files, access times, search phrases browser type, and times. Different methods are used by web browsers to store user data. Additionally, the locations where data is stored vary depending on the operating system being used. The analysis of web browsers on digital resources that are subject to criminal activity, data from various browsers on various operating systems, storage types, and data types that can be retrieved are all demonstrated in this stu...

View PDFchevron_right
Web Browser Forensic Tools: Autopsy, BHE and Net Analysis
Hassan Adamu

International Journal of Research and Innovation in Applied Science, 2021

Information and communication technology (ICT) are becoming an integral part of everyone´s lives which affects all sectors of human activity. Nowadays, the level of computer crimes rises and it is alarming, for such, digital forensic investigation plays a vital role in tackling computer-related crimes such as cyberbullying, fraud, cyber intrusion, hacking an et cetera. The main goal of digital forensic investigation is to preserve any evidence found in its most original form and to make sure that the evidence is not tempered. Digital forensic investigators use log files to extract, analyse and present a report based on the criminal activities found on the web browsers, such log files include history, cache, download and cookies. This survey paper evaluates the features of the three selected web browsers forensic tools namely; Browser History Examiner, Autopsy and NetAnalysis, and make comparative analysis between them. The findings of the evaluation based on the features of the selected tools shows that Autopsy is the best forensic tool among them. Therefore, in this paper, Autopsy has been recommended fora digital investigator or examiner to use as their forensic tool among others.

View PDFchevron_right
A Review of Web Browser Forensic Analysis Tools and Techniques
Zunera Jalil

Researchpedia Journal of Computing, 2020

Browsers are essential to an active working environment but they also serve as the perfect cyber-attack vector. Cyber-attacks and crimes are multi-faceted in present era and having tendency to outgrow manifold. Digital forensic is a remarkable discipline to limit and investigate such threats by using its sophisticated tools. Web browser is the widely used application to access contents available on the internet and is user's face to the world. Typical browsing activities involve visiting web pages, accessing email accounts, using social media, uploading and downloading different files. User leaves digital footprints on computing device in the form of various artifacts while using browsers such as cookies, history, bookmarks, passwords, etc. These artifacts can be extracted through a specialized browser forensic toolkit to augment investigator's task. Researchers, in their previous work, have precisely focused towards specific mode of web-browsers' forensics and proposed viable investigative tools. In this study, accrued picture of all web-browsing modes (public, private and portable) has been crafted including potent forensic attributes for digital artifact's collection and comparative analysis of tools.

View PDFchevron_right

Related topics

  • Computer Science
  • Web Development
  • Web page design
  • WEB DEVELOPMENT
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved