Ahmed Almutairi, Behzad Shoarian Satari, Carlos Rivas, Cristian Florin Stanciu, Mozhdeh Yamani, Zahra Zohoorsaadat, Serguei A. Mokhov
International Journal of Digital Crime and Forensics, vol. 49, no. 1, pp. 58-89, published 2020-01-01. DOI: 10.4018/ijdcf.2020010104 (https://doi.org/10.4018/ijdcf.2020010104). Journal article; JCR Q4, Computer Science, Interdisciplinary Applications.
Evaluation of Autopsy and Volatility for Cybercrime Investigation: A Forensic Lucid Case Study
In this article, the authors created two new plugins: one for the Autopsy Forensic Tool and the other for the Volatility Framework. Both plugins encode digital evidence in Forensic Lucid, which is the goal of this work. The first plugin was integrated into Autopsy to generate a report for a brute-force authentication attack by searching server logs for evidence using a keyword search. The second plugin, named ForensicLucidDeviceTree, aims to determine whether or not a device stack has been infected by a rootkit. The results of both plugins are presented in Forensic Lucid format and were successfully compiled using the GIPC compiler.