
A Practical Procedure for Collecting More Volatile Information in Live Investigation of Botnet Attack

Multimedia Forensics and Security

Part of the book series: Intelligent Systems Reference Library ((ISRL,volume 115))

Abstract

With the growth of internet usage worldwide, users of this global service face many different threats. Attackers keep refining their methods in order to penetrate users' machines and misuse their systems and their information. Most cyber-crimes are the result of a single attack on one user or on a network of many users. One of the important attacks in this area is the botnet, in which an attacker remotely controls a set of compromised computers to target a specific victim. This study proposes and implements a procedure for extracting information and footprints from a system infected by a botnet, in order to reconstruct the botnet attack and prepare a digital evidence package that documents the malicious activities and malicious files of the attack for presentation in court.




Correspondence to Yashar Javadianasl .


Copyright information

© 2017 Springer International Publishing AG

Cite this chapter

Javadianasl, Y., Manaf, A.A., Zamani, M. (2017). A Practical Procedure for Collecting More Volatile Information in Live Investigation of Botnet Attack. In: Hassanien, A., Mostafa Fouad, M., Manaf, A., Zamani, M., Ahmad, R., Kacprzyk, J. (eds) Multimedia Forensics and Security. Intelligent Systems Reference Library, vol 115. Springer, Cham. https://doi.org/10.1007/978-3-319-44270-9_17

  • DOI: https://doi.org/10.1007/978-3-319-44270-9_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-44268-6

  • Online ISBN: 978-3-319-44270-9
