{"title":"Log4shell Investigate Based On Generic Computer Forensic Investigation Model","authors":"Ukid Changsan, Pongsarun Boonyopakorn","doi":"10.1109/ECTI-CON58255.2023.10153283","DOIUrl":null,"url":null,"abstract":"Log 4Shel1 (CVE-2021-44228) Vulnerability was disclosed on November 24, 2021. It is loophole from JAVA application which is a ubiquitous library of Log4j for logging framework. The hacker invokes JNDI lookup component for call Lightweight Directory Access Protocol (LDAP) which attacked by several ways such as Remote Code Execute (RCE) which is a critical effect on the vulnerable server. Therefore, this research paper proposes a study to investigate Log 4Shell under the control of the Generic Computer Forensic Investigation Model (GCFIM). The purpose of this investigation is to determine the management of the analysis process for accessing guideline information, gathering data, and analyzing digital evidence related to the Log4Shell attack. Furthermore, the paper provides a report documenting the source of the attacker that attacked the servers, which can be used as evidence in legal documents in court.","PeriodicalId":340768,"journal":{"name":"2023 20th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON)","volume":"1241 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 20th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology 
(ECTI-CON)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ECTI-CON58255.2023.10153283","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
The Log4Shell (CVE-2021-44228) vulnerability was disclosed on November 24, 2021. It is a loophole in Java applications that use Log4j, a ubiquitous library for the logging framework. An attacker invokes the JNDI lookup component to call the Lightweight Directory Access Protocol (LDAP), which can be abused in several ways, such as Remote Code Execution (RCE), with a critical effect on the vulnerable server. Therefore, this research paper proposes a study to investigate Log4Shell under the control of the Generic Computer Forensic Investigation Model (GCFIM). The purpose of this investigation is to determine the management of the analysis process for accessing guideline information, gathering data, and analyzing digital evidence related to the Log4Shell attack. Furthermore, the paper provides a report documenting the source of the attacker that attacked the servers, which can be used as evidence in legal documents in court.