Abstract
In recent years, digital attacks against organizations, critical infrastructure and military targets have been increasing. These attacks are generally summarized under the term cyberwar and are broadly discussed by the press, military experts and politicians. Attribution ("Who did it?") is often a major question in these discussions. Because they are carried out with computers and over the Internet, these attacks leave digital traces that may become digital evidence. Digital forensics, as a scientific discipline, deals with methodologies for finding and handling digital evidence. The main goal of a digital forensic investigation is to reconstruct how an attack occurred and who is responsible. In this paper we set out the fundamental principles of digital forensics and discuss the usefulness of digital evidence in the attack scenarios mentioned. Using two concrete examples, we present the capabilities of digital forensics for investigating distributed denial of service attacks and malware attacks.
Notes
1. Davis (2007).
2. Bundesamt für Sicherheit in der Informationstechnik (2014), p. 31.
3. Langner (2013).
4. Coviello (2011).
5. Kaspersky (2015).
6. Rid and Buchanan (2014).
7. Böhme et al. (2009).
8. Böhme et al. (2009).
9. Casey (2011), p. 26.
10. Rid and Buchanan (2014).
11. Slay et al. (2009).
12. Dewald and Freiling (2011), p. 49.
13. Dewald (2012), p. 59.
14. Inman and Rudin (2002).
15. Dewald and Freiling (2012).
16. Dewald and Freiling (2012).
17. Inman and Rudin (2002).
18. Inman and Rudin (2002).
19. Inman and Rudin (2002).
20. Inman and Rudin (2002).
21. Dewald (2012), p. 48f.
22. Dardick et al. (2014), p. 156.
23. Inman and Rudin (2002).
24.
25. Inman and Rudin (2002).
26. Inman and Rudin (2002).
27. Dewald (2012), p. 13.
28. Inman and Rudin (2000), p. 5f.
29. Inman and Rudin (2000), p. 5f.
30. Dewald (2012), p. 13f.
31. Casey (2011), p. 24.
32. HTML is the markup language used to describe the semantic structure of a web page. An HTML file and all the files it references, such as images, are downloaded, rendered and displayed by browsers such as Firefox, Chrome, Internet Explorer or Edge.
33. Casey (2011), p. 7.
34. Inman and Rudin (2002).
35. Carrier (2003).
36. Dewald and Freiling (2011), p. 36.
37. Carrier (2003).
38. Dewald (2012), p. 83.
39. Dewald (2012), p. 86.
40. Dewald (2012), p. 91.
41. Association of Chief Police Officers (2007).
42. Dewald (2012), p. 39f.
43. Casey (2011), p. 26.
44. Dewald (2012), p. 41.
45. Böhme et al. (2009).
46. Casey (2011), p. 21.
47. Casey (2011), p. 21f.
48. Casey (2011), p. 22.
49. Casey (2011), p. 70.
50. Casey (2011), p. 26.
51. Casey (2011), p. 26.
52. Malware is a general term for malicious software such as viruses, worms and trojan horses.
53. Stuxnet reported information about a newly infected PC to one of two domains, www.mypremierfutbol.com or www.todaysfutbol.com. The domains were hosted in Malaysia and Denmark.
54. A command-and-control server is commonly used to operate a set of infected PCs. This architecture (server plus infected PCs) is also the standard for so-called botnets, which are often used to distribute non-targeted malware or to carry out DDoS attacks.
55. Inman and Rudin (2002).
56. Kannenberg (2015).
57. Rid and Buchanan (2014).
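As an added illustration of the kind of digital trace note 53 describes (example code written for this page, not part of the chapter or any of the cited works), the following Python scans outbound DNS query records for the two Stuxnet reporting domains named in that note. The log format (one line of "timestamp source-IP queried-name") and the log entries themselves are constructed for the illustration; the function names are likewise this example's own. It normalizes case and the trailing root dot, accepts names beneath an indicator, and rejects look-alike names that merely contain the indicator as a prefix.

```python
"""Added example: matching DNS query records against known command-and-control
indicators. Not from the chapter; log format and sample lines are constructed."""
from typing import Iterable, List, Optional, Tuple

# The two reporting domains named in note 53 (the only real data used here).
STUXNET_C2_DOMAINS = {"www.mypremierfutbol.com", "www.todaysfutbol.com"}

# Constructed sample log: "timestamp src_ip qname", one outbound DNS query per line.
SAMPLE_DNS_LOG = """\
2010-06-17T08:12:01Z 10.1.4.23 www.example.org
2010-06-17T08:12:05Z 10.1.4.23 WWW.MYPREMIERFUTBOL.COM.
2010-06-17T08:13:10Z 10.1.4.77 updates.todaysfutbol.com
2010-06-17T08:14:40Z 10.1.4.23 www.todaysfutbol.com
2010-06-17T08:15:00Z 10.1.4.90 www.todaysfutbol.com.evil-lookalike.net
malformed line
"""


def normalize_qname(name: str) -> str:
    """DNS names are case-insensitive and a trailing dot only marks the root."""
    return name.strip().rstrip(".").lower()


def matches_indicator(qname: str, indicators: Iterable[str]) -> Optional[str]:
    """Return the indicator that qname equals or sits beneath, else None.

    A name that merely starts with the indicator (www.todaysfutbol.com.evil-lookalike.net)
    is not a match; only the exact name or a label-wise subdomain of it is.
    """
    q = normalize_qname(qname)
    for ind in indicators:
        i = normalize_qname(ind)
        if q == i or q.endswith("." + i):
            return i
    return None


def find_c2_hits(log_text: str, indicators: Iterable[str]) -> List[Tuple[str, str, str, str]]:
    """Scan 'timestamp src_ip qname' lines and return (timestamp, src_ip,
    normalized qname, matched indicator) for every hit, in log order.
    Lines that do not have exactly three fields are skipped as malformed."""
    inds = [normalize_qname(i) for i in indicators]
    hits: List[Tuple[str, str, str, str]] = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, src, qname = parts
        ind = matches_indicator(qname, inds)
        if ind is not None:
            hits.append((ts, src, normalize_qname(qname), ind))
    return hits


if __name__ == "__main__":
    for ts, src, qname, ind in find_c2_hits(SAMPLE_DNS_LOG, STUXNET_C2_DOMAINS):
        print(f"{ts} {src} queried {qname} (indicator: {ind})")
```

Run on the constructed log, the scan reports two hits from 10.1.4.23 and ignores both the sibling host updates.todaysfutbol.com (not beneath either indicator) and the look-alike name; whether sibling hosts should count depends on whether the investigator's indicator is the host name or the registrable domain, which is a choice to make explicitly rather than leave to string matching.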
References
Association of Chief Police Officers (2007) Good practice guide for computer-based electronic evidence. http://www.cps.gov.uk/legal/assets/uploads/files/ACPO_guidelines_computer_evidence%5B1%5D.pdf. Accessed 25 Aug 2015
Böhme R, Freiling FC, Gloe T, Kirchner M (2009) Multimedia-Forensik als Teildisziplin der digitalen Forensik. In: Informatik 2009: Im Focus das Leben, Beiträge der 39. Jahrestagung der Gesellschaft für Informatik e.V. (GI), Lübeck. Lecture Notes in Informatics (LNI), vol 154, pp 1537–1551
Bundesamt für Sicherheit in der Informationstechnik (2014) Die Lage der IT-Sicherheit in Deutschland 2014. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2014.pdf?__blob=publicationFile. Accessed 25 Aug 2015
Carrier B (2003) Defining digital forensic examination and analysis tools using abstraction layers. Int J Digit Evid 1(4):1–12
Casey E (2011) Digital evidence and computer crime: forensic science, computers, and the internet, 3rd edn. Academic, New York
Coviello A (2011) Open letter to RSA customers. http://www.sec.gov/Archives/edgar/data/790070/000119312511070159/dex991.htm. Accessed 30 July 2015
Dardick GS, Endicott-Popovsky B, Gladyshev P, Kemmerich T, Rudolph C (2014) Digital evidence and forensic readiness (Dagstuhl Seminar 14092). In: Dagstuhl Reports, vol 4(2) (2014), pp 150–190
Davis J (2007) Hackers take down the most wired country in Europe. http://archive.wired.com/politics/security/magazine/15-09/ff_estonia. Accessed 24 Aug 2015
Dewald A (2012) Formalisierung digitaler Spuren und ihre Einbettung in die Forensische Informatik. Dissertation, Universität Erlangen-Nürnberg
Dewald A, Freiling F (2011) Forensische Informatik. Books on Demand, Norderstedt
Dewald A, Freiling F (2012) Is computer forensics a forensic science? In: Proceedings of current issues in IT security, Freiburg
Inman K, Rudin N (2000) Principles and practice of criminalistics: the profession of forensic science. CRC, Boca Raton
Inman K, Rudin N (2002) The origin of evidence. Forensic Sci Int 126:11–26
Kannenberg A (2015) DDoS-Attacke auf Web-Seiten von Kanzlerin und Bundestag. http://www.heise.de/newsticker/meldung/DDoS-Attacke-auf-Web-Seiten-von-Kanzlerin-und-Bundestag-2512871.html. Accessed 06 Aug 2015
Kaspersky E (2015) Kaspersky Lab investigates hacker attack on its own network. https://blog.kaspersky.com/kaspersky-statement-duqu-attack/. Accessed 30 July 2015
Langner R (2013) To kill a centrifuge: a technical analysis of what Stuxnet's creators tried to achieve. http://www.langner.com/en/wp-content/uploads/2013/11/To-kill-a-centrifuge.pdf. Accessed 25 Aug 2015
Rid T, Buchanan B (2014) Attributing cyber attacks. J Strateg Stud 38(1–2):4–37. https://doi.org/10.1080/01402390.2014.977382
Slay J, Lin YC, Turnbull B, Beckett J, Lin P (2009) Towards a formalization of digital forensics. In: Peterson G, Shenoi S (eds) Advances in digital forensics V. Fifth IFIP WG 11.9 International conference on digital forensics, Orlando, January 2009. IFIP advances in information and communication technology, vol 306. Springer, Berlin, Heidelberg, pp 37–47
Zetter K (2011) How digital detectives deciphered stuxnet, the most menacing malware in history. http://www.wired.com/2011/07/how-digital-detectives-deciphered-stuxnet/. Accessed 25 Aug 2015
© 2018 Springer International Publishing AG
Meier, S. (2018). Digital Forensics. In: Heintschel von Heinegg, W., Frau, R., Singer, T. (eds) Dehumanization of Warfare. Springer, Cham. https://doi.org/10.1007/978-3-319-67266-3_8
DOI: https://doi.org/10.1007/978-3-319-67266-3_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67264-9
Online ISBN: 978-3-319-67266-3