In: Computer Science
Digital Forensics, At least 200 words for each question
1/ Research a network attack (DDoS, Man-in-the-Middle, IP Spoofing, etc.) and explain it in further detail.
2/ Discuss ways that forensic examiners have been able to identify and analyze these attacks.
3/ Find an attack where an examiner was able to successfully identify the attacker, and explain the techniques used to do so.
Distributed Denial of Service:
A Distributed Denial of Service (DDoS) attack is considered one of the most powerful weapons available on the internet. Its defining feature is that the attacker brings an application or website down by flooding it with traffic until it can no longer respond, so that the site effectively crashes. When a victim is described as "being DDoSed", this is what is meant: the attacker attempted to bring the site down by overwhelming it with traffic. DDoS attacks mainly target websites, online services and applications. The attacker's objective is to generate more traffic than the server can process or the network bandwidth can accommodate, leaving the site unable to operate. That traffic mainly consists of incoming messages, connection requests and fake packets. In many cases the targeted victims are first threatened with a DDoS attack, or attacked at a low level as a demonstration; this may be combined with an extortion demand, with the attacker promising a far more devastating attack unless the victim pays a ransom. A DDoS attack is therefore very dangerous for the victim.
Ways that forensic examiners have been able to identify and analyze these attacks
The main purpose of a computer forensic examination is to recover data from computers seized as evidence in a criminal investigation, especially when the victim has been targeted by a network attack such as Distributed Denial of Service, man-in-the-middle, ransomware, etc. Forensic experts follow a systematic approach to examining the evidence, which can help them find the attacker and can also help in identifying the loophole in the infrastructure that was exploited. Most forensic examiners work on the data set itself, for example looking for data that was compromised. They rely on forensic tools that help them determine what happened and gather evidence of the attack. In particular, forensic examiners use network forensic tools such as Wireshark to collect information about the traffic that entered or left the victim's network: Wireshark captures the packets and then allows them to be analyzed. Network forensic tools help forensic experts reach conclusions about the time of the attack and the loophole present in the victim's network.
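As an added illustration (not part of the original answer), the following script shows the kind of analysis an examiner performs on traffic exported from a capture tool such as Wireshark: connection requests are bucketed into fixed time windows, and the first window whose request rate and number of distinct sources jump far above the baseline is reported as the attack onset. The flow records are constructed for this example and the thresholds are assumptions, not values from any real investigation.

```python
from collections import defaultdict

# Constructed sample records (unix_time, src_ip, dst_port, tcp_flags).
# They are not from a real capture; they imitate a quiet baseline followed
# by a burst of SYN-only requests from many different source addresses.
SAMPLE_FLOWS = (
    [(1000 + i, "10.0.0.5", 443, "S") for i in range(0, 30, 10)]      # normal
    + [(1000 + i, "10.0.0.7", 443, "SA") for i in range(0, 30, 15)]   # replies
    + [(1030 + (i % 10), f"203.0.113.{i}", 443, "S") for i in range(1, 200)]
)


def summarise_windows(flows, window=10):
    """Bucket connection requests (SYN without ACK) into fixed windows.

    Returns {window_start: (syn_count, distinct_source_count)} sorted by time.
    """
    stats = defaultdict(lambda: {"syns": 0, "sources": set()})
    for ts, src, _dst_port, flags in flows:
        if "S" in flags and "A" not in flags:      # request, not a reply
            bucket = ts - ts % window
            stats[bucket]["syns"] += 1
            stats[bucket]["sources"].add(src)
    return {b: (v["syns"], len(v["sources"])) for b, v in sorted(stats.items())}


def detect_flood(flows, window=10, baseline_windows=3, factor=10, min_sources=50):
    """Return (onset_time, syn_count, distinct_sources) for the first window
    that exceeds factor x the baseline mean and involves many distinct
    sources (the distributed part of DDoS), or None if nothing stands out.
    """
    buckets = list(summarise_windows(flows, window).items())
    if len(buckets) <= baseline_windows:
        return None                                # not enough history
    base = [syns for _, (syns, _) in buckets[:baseline_windows]]
    threshold = max(1, sum(base) / len(base)) * factor
    for bucket, (syns, n_src) in buckets[baseline_windows:]:
        if syns > threshold and n_src >= min_sources:
            return (bucket, syns, n_src)
    return None


if __name__ == "__main__":
    for start, (syns, n_src) in summarise_windows(SAMPLE_FLOWS).items():
        print(f"t={start}: {syns} SYNs from {n_src} sources")
    print("flood onset:", detect_flood(SAMPLE_FLOWS))
```

On real data the same logic would be run over flows exported with tshark or a NetFlow collector, and the onset window then anchors the timeline that the rest of the examination is built around.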
Techniques used to identify the attacker:
Determining the exact location from which an attack is launched is very difficult, because attackers usually route the attack through different locations, which makes it hard for a forensic examiner to pin down the real IP address of the attacker's system. In a few cases, however, forensic examiners have succeeded in uncovering the attacker's details. One such incident is the case in which forensic experts caught an 18-year-old attacker who tried to launch a Distributed Denial of Service attack on the Dutch Tax authority by bringing down its servers with large volumes of traffic. Forensic experts rely on specific technologies to determine the attacker's location, and many businesses also use a trap to divert the attack away from the real server. A honeypot is one such technique: a network-attached system set up purely as a decoy to lure attackers, so that hacking attempts can be detected, studied and deflected from the main infrastructure onto the decoy. The honeypot is made to look like a weak point in the network's security, with its operating system configured so that the attacker believes it contains an exploitable vulnerability.