Press "Enter" to skip to content

IT forensics: evaluate and understand browser history

table of contents

Attackers like to take advantage of people’s good faith. In doing so, they induce them to divulge confidential information or to take undesirable actions. Such social engineering attacks are often the start of a cyber incident. The user is motivated to visit a phishing website or run malware under a pretext. This part of the tutorial uses a real ransomware case to show how KAPE and NirSoft’s BrowsingHistoryView can be used to track visits to such websites and the downloading of malware.

For an attack to be successful, attackers must gain access to a first system. From here they can spread further in the area. This initial compromise can take place in three ways: by exploiting a compromised user account to log into a remote access service, by infecting an end-user device with malware or by exploiting a security vulnerability in a system that can be accessed from the Internet. Social engineering attacks are particularly suitable for the first two entry routes.

Employees, for example, are encouraged to reveal their user data under a pretext. To do this, the attacker creates a clone of a familiar registration form of the company that is accessible from the Internet, for example the webmail login. He then pretends to be an employee of the IT department and asks his colleagues to log into the new webmail service on the supposedly trustworthy website in order to initiate a data migration. With a phishing email, this attack can target a large number of employees. To increase the chances of success, employees with the same story can be contacted by phone. This attack is known as vishing (voice phishing).

  • Access to all heise + content
  • exclusive tests, advice & background: independent, critically well-founded
  • Read c’t, iX, MIT Technology Review, Mac & i, Make, c’t photography directly in your browser
  • register once – read on all devices – can be canceled monthly
  • first month free, thereafter € 12.95 per month
  • Weekly newsletter with personal reading recommendations from the editor-in-chief

Start FREE month

Start your FREE month now

Already subscribed to heise +?

Sign up and read

Register now and read articles right away

More information about heise +

Article Source

Disclaimer: This article is generated from the feed and not edited by our team.