Backtracking Tool Root-Tracker to Identify True Source of Cyber Crime
Patil Rachana Yogesh, Devane Satish R.
Abstract
The main goal of the network forensic tools is to collect legal evidence of cybercrime from the network environment by capturing, recording and analyzing the network packets. Such tools aim to determine the source of network security attacks. Majority of existing network forensic tools are based on the concept of IP traceback that helps the investigator to reach up to the source of a cyberattack. However, the limitation of these existing techniques is that the investigation ends at the edge router or ISP of the attacker. But the original attacker is hiding somewhere behind the ISP. Reaching up to them is the most critical aspect of network forensics. This paper broadly aims at building secure and forensically sound framework called Root-tracker for Identification of real source of cybercrime by reaching beyond the ISP. The approach of device fingerprinting is used for unique identification of criminal device which will act as legal and infallible evidence in court of law. Root Tracker has been implemented as a prototype and deployed on AWS. Testing is done in real time environment and the results shows that Root-Tracker is able to verify the evidences partially. Even if the attacker tries to format the system or modifies any of device parameter Root-Tracker can still identify the attacker device and generates partial evidence match report.