A practical procedure for collecting morevolatile information in live investigation of botnet attack

Abstract

Nowadays because of the growth of internet usage in all over the world, users of this global service are faced with many different threats. Attackers are trying to improve their methods in order to penetrate the users’ machines to misuse their systems and their information. Most of the cyber-crimes are the result of one attack to a user or a network of many users. One of the important attacks in this area is Botnet which is controlling some compromised computers by an attacker remotely in terms of specific victim. This study tries to propose and implement a procedure in order to extract information and footprints of infected system with Botnet in order to reconstruct the Botnet attack and prepare a digital evidence package which shows the malicious activities and malicious files of this attack to present in a court.