Abstract
Man-in-the-browser attack is an evolved version of man-in-the-middle attack which mainly targets the internet banking. These attacks fall under the category of session hijacking, so, it is difficult to detect and stop the malicious actions as they are performed using legitimate session. Computer forensics plays a prominent role in finding the traces left behind by the hacker while compromising a computer. These traces will explain how the attack was carried out, which could serve as an evidence in the court proceedings.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
RSA White Paper, Making sense of man-in-the-browser attacks: threat analysis and mitigation for financial institutions. http://viewer.media.bitpipe.com/1039183786_34/1295277188_16/MITB_WP_0510-RSA.pdf
Dougan T, Curran K (2012) Man in the browser attacks. Int J Ambient Comput Intell 4(1):29–39. https://doi.org/10.4018/jaci.2012010103
Analysis of man-in-the-browser attack by SANS. https://www.sans.org/readingroom/whitepapers/forensics/paper/35687
OWASP article about man-in-the-browser attack. https://www.owasp.org/index.php/Man-in-the-browser_attack
ISACA article about man-in-the-browser attack. https://www.isaca.org/Journal/archives/2013/Volume-4/Pages/Man-in-the-Browser-A-Threat-to-Online-Banking.aspx
Grande CL, Guadrón RS (2016) Computer forensics. In: 2016 IEEE 36th central American and Panama convention (CONCAPAN XXXVI), pp 1–6. San Jose. https://doi.org/10.1109/concapan.2016.7942361
Zeus malware source code. https://github.com/m0n0ph1/malware-1/tree/master/Zeus
Cuckoo sandbox documentation. https://cuckoo.sh/docs/
Carrier B (2005) File system forensic analysis. https://www.oreilly.com/library/view/file-system-forensic/0321268172/
Carvey H (2011) Windows registry forensics: advanced digital forensic analysis of the windows registry. Syngress Publishing. https://dl.acm.org/citation.cfm?id=1996274
Ligh M, Adair S, Hartstein B, Richard M (2010) Malware analyst’s cookbook and DVD: tools and techniques for fighting malicious code. https://www.wiley.com/en-us/Malware+Analyst%27s+Cookbook+and+DVD%3A+Tools+and+Techniques+for+Fighting+Malicious+Code-p-9780470613030
Volatility documentation. https://github.com/volatilityfoundation/volatility/wiki
Ligh MH, Case A, Levy J, Walters A (2014) The art of memory forensics: detecting malware and threats in windows, linux, and mac memory. https://www.wiley.com/en-us/The+Art+of+Memory+Forensics%3A+Detecting+Malware+and+Threats+in+Windows%2C+Linux%2C+and+Mac+Memory-p-9781118825099
Casey E (2011) Digital evidence and computer crime: forensic science, computers, and the internet. https://dl.acm.org/citation.cfm?id=2021194
Casey E (2009) Handbook of digital forensics and investigation. https://dl.acm.org/citation.cfm?id=1822831
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Kondeti, S.D., Adada, V., Sridevi, R. (2020). A Methodology to Find Artifacts of the Hacker in Man-in-the-Browser Attack. In: Satapathy, S.C., Raju, K.S., Shyamala, K., Krishna, D.R., Favorskaya, M.N. (eds) Advances in Decision Sciences, Image Processing, Security and Computer Vision. ICETE 2019. Learning and Analytics in Intelligent Systems, vol 3. Springer, Cham. https://doi.org/10.1007/978-3-030-24322-7_34
Download citation
DOI: https://doi.org/10.1007/978-3-030-24322-7_34
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-24321-0
Online ISBN: 978-3-030-24322-7
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)