Web Application Log Forensics After a Hack

Sites get hacked; it's not pleasant, but it happens. A critical part of the response, especially in my experience, has been the web application log forensics applied directly after an attack. You can usually piece together what happened, especially if the attacker doesn't rotate IP addresses during the attack. With a little poking around, and after creating a timeline, you can usually figure out what the entry point was and where the flaw in your site or software is.

It's a critical skill to learn, and a great reason to keep all your logs turned on, all the time, as verbose as your server and storage can handle. This article from Acunetix walks you through some of the things to look for, and the flow to use when examining a server post-attack.

Nowadays, web applications are popular targets for attackers. Using specific security mechanisms, we can prevent or detect an attack on a web application, but we cannot find out who carried it out. Being unable to trace back an attack encourages attackers to launch new attacks on the same system. Web application forensics aims to trace back a web application security attack and attribute it to its originator. This may significantly reduce the number of attacks targeting a web application every day, and hence improve its security. The aim of this paper is to give a detailed overview of web application forensics. First, we define web application forensics and present a taxonomy of digital forensics. Then, we present the methodology of a web application forensics investigation. After that, we describe the supporting tools for a web application forensics investigation, followed by a detailed presentation of the main web application forensics tools considered. Finally, we provide a comparison of those tools.

This includes:

Web server and application server logs

Server-side scripts used by the web application

Web server and application server configuration files

Logs and vital files of any third-party installed software

OS logs and vital system files. Remember that these files may be spread across several computer systems, which together make up the web application.

Analyze the collected data and attempt to reconstruct the chain of events (the techniques are explained later).

Summarize the findings, and keep a log of all files and data extracted from the web application.

Web application forensics comes into the picture when such attacks occur on web applications. It involves the forensic examination of a web application and its contents (such as logs, the www directory, and configuration files) to trace back the attack, identify its origin, and determine how it was propagated, along with the devices used (mobile and desktop) and the persons involved in carrying it out. The investigators examine the logs and configuration files of the web server and application server, the server-side scripts used by the web application, and the logs of third-party software and the operating system, to gain insight into the attack.
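The timeline step described above, as an added Python example that is not from the article or from Acunetix: it parses Apache-style "combined" access log lines, groups requests per client IP in time order, flags a few defender-side indicators, and reports the first flagged request the server accepted with a 2xx as the likely entry point. The log lines and the indicator list are constructed for illustration; extend the indicators for your own application.

```python
import re
from datetime import datetime

# Constructed sample lines in Apache "combined" log format (not from the article).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2023:13:55:03 +0000] "POST /login.php HTTP/1.1" 401 300 "-" "curl/7.88"
198.51.100.23 - - [10/Oct/2023:13:55:05 +0000] "GET /download.php?file=../../../etc/passwd HTTP/1.1" 200 2048 "-" "curl/7.88"
198.51.100.23 - - [10/Oct/2023:13:55:09 +0000] "POST /uploads/x.php HTTP/1.1" 200 80 "-" "curl/7.88"
"""

LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

INDICATORS = {  # defender-side indicators matched against the request path (illustrative)
    "path_traversal": re.compile(r"\.\./"),
    "script_under_uploads": re.compile(r"^/uploads/[^?]*\.php", re.I),
}

def parse_line(line):
    """Return one request as a dict (with indicator flags), or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
    e["status"] = int(e["status"])
    e["flags"] = [n for n, rx in INDICATORS.items() if rx.search(e["path"])] + (
        ["auth_failure"] if e["status"] in (401, 403) else [])
    return e

def build_timelines(log_text):
    """Group requests by client IP, each group ordered by time."""
    by_ip = {}
    for e in filter(None, map(parse_line, log_text.splitlines())):
        by_ip.setdefault(e["ip"], []).append(e)
    return {ip: sorted(es, key=lambda e: e["ts"]) for ip, es in by_ip.items()}

def find_entry_point(entries):
    """First flagged request the server accepted (2xx): the likely point of compromise."""
    return next((e for e in entries if e["flags"] and 200 <= e["status"] < 300), None)

def suspicious_ips(by_ip):
    """Summarise every IP that issued at least one flagged request."""
    report = {}
    for ip, entries in by_ip.items():
        if any(e["flags"] for e in entries):
            ep = find_entry_point(entries)
            report[ip] = {"flagged": sum(bool(e["flags"]) for e in entries),
                          "first_seen": entries[0]["ts"].isoformat(),
                          "entry_point": ep["path"] if ep else None}
    return report
```

Run `suspicious_ips(build_timelines(open("access.log").read()))` against a real log to get, per suspicious IP, when it first appeared and the first accepted flagged request to pivot the investigation on.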
