Investigating Evidence of Malicious Attacks in Incognito Browsing Mode

 

Evidence Investigations to Malicious Attacks in Incognito Browsing Mode of Internet Systems

 

莊禾

Department of Computer Science, National Chengchi University

左瑞麟

Department of Computer Science, National Chengchi University

柯宏*

Department of Computer Science and Engineering, National Chung Hsing University

洪國寶

Department of Computer Science and Engineering, National Chung Hsing University

王旭正

Department of Information Management, Central Police University

sjwang@mail.cpu.edu.tw

*To whom correspondence should be addressed

 

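Summary

The Internet of Things (IoT) has now reached its fourth stage of development, in which devices communicate with one another through existing Web standards; this is known as the Web of Things (WoT). With this new trend, the security issues to be faced are not limited to IoT connected devices but also include web application vulnerabilities. Meanwhile, the development of stealth techniques such as incognito browsing mode has created obstacles for forensic investigators during investigations. This paper therefore focuses on analyzing SQL Injection and Cross-Site Scripting (XSS) attack techniques under incognito browsing mode, using memory forensics to find the evidential correlation between the attacking side and the victim side and to establish a complete forensic procedure.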

 

Abstract

The development of the Internet of Things (IoT) has now reached its fourth stage, in which devices communicate with one another through existing Web standards; this stage is called the Web of Things (WoT). With this new trend, the security issues concern not only IoT connected devices but also web application vulnerabilities. The development of concealment technologies such as incognito browsing mode has created obstacles for forensic investigators in the process of examining evidence. This paper therefore focuses on the analysis of SQL Injection and Cross-Site Scripting (XSS) attack methods in incognito browsing mode. Memory forensics is used to find the correlation between the attacking end and the victim end, and to establish a more complete forensic procedure.

 

Keywords: memory forensics, web application vulnerabilities, SQL Injection, Cross-Site Scripting