Duck Hunt: Memory forensics of USB attack platforms
Authors
Abstract
To explore the memory forensic artifacts generated by USB-based attack platforms, we analyzed two of the most popular commercially available devices, Hak5's USB Rubber Ducky and Bash Bunny. We present open source Volatility plugins, usbhunt and dhcphunt, which extract artifacts of these attacks from Windows 10 system images. Such artifacts include driver-related diagnostic events, unique device identifiers, and DHCP client logs. Our tools are capable of extracting metadata-rich events from any device. The identifiers presented in this work may also be used to definitively detect usage. Likewise, the logs we carve may be useful in the analysis of other network-connected peripherals. We quantify how long these artifacts remain recoverable in memory. Our experiments demonstrated that some Indicators of Compromise (IOCs) remain recoverable for at least 24 h.
Similar resources
A forensics overview and analysis of USB flash memory devices
Current forensic tools for examination of embedded systems like mobile phones and PDAs mostly perform data extraction on a logical level and do not consider the type of storage media during data analysis. This report suggests different low-level approaches for the forensic examination of flash memories and describes three low-level data acquisition methods for making full memory copies of flash ...
Attack Graph Analysis for Network Anti-Forensics
The development of technology in computer networks has boosted the percentage of cyber-attacks today. Hackers are now able to penetrate even the strongest IDS and firewalls. With the help of anti-forensic techniques, attackers defend themselves, from being tracked by destroying and distorting evidences. To detect and prevent network attacks, the main modus of operandi in network forensics is th...
Attack Intention Analysis Model for Network Forensics
In network forensics, attack intentions analyses play a major role to help and accelerate decision–making for apprehending the real perpetrator. In fact, attack intention analysis is a prediction factor to help investigators to conclude a case with high accuracy. However, current techniques in attack intention analysis only focus on recognizing an alert correlation for certain evidence and pred...
Hypervisor Memory Forensics
Memory forensics is the branch of computer forensics that aims at extracting artifacts from memory snapshots taken from a running system. Even though it is a relatively recent field, it is rapidly growing and it is attracting considerable attention from both industrial and academic researchers. In this paper, we present a set of techniques to extend the field of memory forensics toward the anal...
Secure Data Deletion for USB Flash Memory
People commonly use USB flash memory because of its convenience and portability. It stores various data such as documents, pictures, certificates, and private data (e.g., passwords, account numbers). These data, especially private data, should not be revealed to the outside. However, even when the stored data is deleted, these data can be recovered using data recovery programs. To prevent this ...
Journal
Journal title: Forensic Science International: Digital Investigation
Year: 2021
ISSN: 2666-2825, 2666-2817
DOI: https://doi.org/10.1016/j.fsidi.2021.301190