Digital Forensics and Cyber Crime. 4th International Conference, ICDF2C 2012, Lafayette, IN, USA, October 25-26, 2012, Revised Selected Papers

Research Article

BREDOLAB: Shopping in the Cybercrime Underworld

  • @INPROCEEDINGS{10.1007/978-3-642-39891-9_19,
        author={Daan Graaf and Ahmed Shosha and Pavel Gladyshev},
        title={BREDOLAB: Shopping in the Cybercrime Underworld},
        proceedings={Digital Forensics and Cyber Crime. 4th International Conference, ICDF2C 2012, Lafayette, IN, USA, October 25-26, 2012, Revised Selected Papers},
        proceedings_a={ICDF2C},
        year={2013},
        month={10},
        keywords={BredoLab Botnets Law-Enforcement Investigations Malware Forensics Forensic Investigation Models},
        doi={10.1007/978-3-642-39891-9_19}
    }
    
  • Daan Graaf
    Ahmed Shosha
    Pavel Gladyshev
    Year: 2013
    BREDOLAB: Shopping in the Cybercrime Underworld
    ICDF2C
    Springer
    DOI: 10.1007/978-3-642-39891-9_19
Daan Graaf¹,*, Ahmed Shosha²,*, Pavel Gladyshev²,*
  • 1: Netherlands’ Police Agency
  • 2: University College Dublin
*Contact email: Daan.De.Graaf@nhtcu.nl, Ahmed.Shosha@ucdconnect.ie, Pavel.Gladyshev@ucd.ie

Abstract

A recently emerging trend in the underground economy is malware dissemination as a service. Complex botnet infrastructures are developed to spread and install malware for third-party customers. In this research work, a botnet forensic investigation model is proposed to investigate and analyze large-scale botnets. The proposed investigation model is applied to a real-world law-enforcement investigation case that involves the investigation of a large-scale malware dissemination botnet called BredoLab. The results of the forensic investigation show the effectiveness of the proposed model in assisting law enforcement in conducting a successful forensic analysis of the BredoLab botnet and its related resources.