Evidence Investigations to Malicious Attacks in Incognito Browsing Mode of Internet Systems
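莊禾暘
Department of Computer Science, National Chengchi University
左瑞麟
Department of Computer Science, National Chengchi University
柯宏叡*
Department of Computer Science and Engineering, National Chung Hsing University
洪國寶
Department of Computer Science and Engineering, National Chung Hsing University
王旭正
Department of Information Management, Central Police University
*Corresponding author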
Abstract
The development of the Internet of Things (IoT) has now reached its fourth stage, in which devices communicate with one another through existing Web standards; this is known as the Web of Things (WoT). With this new trend, the security issues are not limited to IoT connected devices but also include web application vulnerabilities. At the same time, the development of concealment technologies such as incognito browsing mode has created obstacles for forensic investigators during the investigation process. This paper therefore focuses on analyzing SQL Injection and Cross-Site Scripting (XSS) attack methods carried out in incognito browsing mode. It uses memory forensics to find the correlation between the evidence on the attacking end and on the compromised end, and from that establishes a more complete forensic procedure.
Keywords: memory forensics, web application vulnerabilities, SQL Injection, Cross-Site Scripting