Title
A Host-Based Approach to BotNet Investigation
Abstract
Robot Networks (BotNets) are one of the most serious threats faced by the online community today. Since their appearance in the late 1990s, much effort has been expended in trying to thwart their unprecedented growth. However, with robust and advanced capabilities, it is very difficult for average users to avoid or prevent infection by BotNet malware. Moreover, whilst BotNets have increased in scale, scope and sophistication, the dearth of standardized and effective investigative procedures poses huge challenges to digital investigators in trying to probe such cases. In this paper we present a practical (and repeatable) host-based investigative methodology for the collection of evidentiary information from a Bot-infected machine. Our approach collects digital traces from both the network and physical memory of the infected local host, and correlates this information to identify the resident BotNet malware involved.
Year: 2009
DOI: 10.1007/978-3-642-11534-9_16
Venue: Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering
Keywords: BotNet, memory forensics, network investigation, malware
DocType: Conference
Volume: 31
ISSN: 1867-8211
Citations: 2
PageRank: 0.38
References: 3
Authors: 4
Name | Order | Citations | PageRank
Frank Y. W. Law | 1 | 63 | 9.46
Kam-Pui Chow | 2 | 283 | 39.82
Pierre K. Y. Lai | 3 | 75 | 10.54
Hayson Tse | 4 | 35 | 4.62