
A Methodology to Find Artifacts of the Hacker in Man-in-the-Browser Attack

  • Sai Dinesh Kondeti
  • Vishal Adada
  • R. Sridevi
Conference paper
Part of the Learning and Analytics in Intelligent Systems book series (LAIS, volume 3)

Abstract

The man-in-the-browser attack is an evolved version of the man-in-the-middle attack that mainly targets internet banking. These attacks fall under the category of session hijacking, so it is difficult to detect and stop the malicious actions because they are performed using a legitimate session. Computer forensics plays a prominent role in finding the traces left behind by the hacker while compromising a computer. These traces explain how the attack was carried out and could serve as evidence in court proceedings.

Keywords

Hacking; Session hijacking; Computer forensics


Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. CSE Department, JNTUHCEH, Hyderabad, India
