Computer forensic analisys of some web attacks

Symantec Internet Security Threat Report 2014 is showing a horrified fact, that when an attacker looked for a site to compromise, one in eight sites made it relatively easy to gain access. Many attackers are arrested due to the evidences obtained by computer forensics. The victim machine usually gives some data, which are then used for identifying possible suspects, which is followed by forensic analysis of their devices, like computers, laptops, tablets, and even smart phones. In this paper, we use an attack scenario on the known vulnerable web application WackoPicko, of three types of attacks: SQL Injection, stored XSS, and remote file inclusion, usually performed by using a web browser. We use post-mortem computer forensic analysis of attacker and victim machine to find some artifacts in them, which can help to identify and possible to reconstruct the attack, and most important to obtain valid evidence which holds in court. We assume that the attacker was careless and did not perform any anti-forensic techniques on its machine.