| Graduate student | 莊禾暘 Chuang, Ho-Yang |
|---|---|
| Thesis title | 基於記憶體鑑識發掘惡意攻擊跡證與惡意程式特徵值之研究 / A Study on Exposing Evidences of Malicious Attacks and Features of Malwares Based on Memory Forensics |
| Advisor | 左瑞麟 Tso, Ray-Lin |
| Oral examination committee | 王旭正 Wang, Shiuh-Jeng; 高大宇 Kao, Da-Yu; 黃正達 Huang, Cheng-Ta |
| Degree | 碩士 Master |
| Department | College of Science - Department of Computer Science |
| Year of publication | 2018 |
| Academic year of graduation | 106 |
| Language | Chinese |
| Number of pages | 67 |
| Chinese keywords | 記憶體鑑識 (memory forensics), Web應用程式漏洞 (Web application vulnerabilities), Linux惡意程式 (Linux malware) |
| Foreign-language keywords | Memory forensics, Web application vulnerabilities, Linux malware |
| DOI URL | http://doi.org/10.6814/THE.NCCU.CS.010.2018.B02 |
| Usage statistics | Views: 106, Downloads: 6 |
The TB-scale DDoS attacks that have occurred to date have drawn most of their huge botnet armies from IoT-connected devices. If attackers used such a botnet to launch a DDoS attack against industrial infrastructure, the resulting damage could be far from trivial. IoT development has now reached its fourth stage, in which devices communicate with one another over existing Web standards; this is known as the Web of Things (WoT). The security issues raised by this new trend are not limited to IoT-connected devices but also include Web application vulnerabilities. At the same time, the development of anti-forensic techniques such as private (incognito) browsing mode and self-deleting malware places obstacles in the path of forensic investigators. This thesis therefore uses memory forensics techniques to examine the attack methods that may arise in the WoT era.
Currently, most of the DDoS attacks that exceed 1 TB per second are executed from large-scale IoT botnets. If such attacks were aimed at critical industrial infrastructure, they could cause damage to our society on an extraordinary scale. The rising threat of DDoS attacks is fueled by the increased development of the IoT, which has now reached its fourth stage, called the WoT. WoT is a term used to describe approaches, software architectural styles and programming patterns that allow IoT objects to become part of the World Wide Web. As the WoT approaches reality, on-device vulnerabilities are no longer the only problem that must be considered in a security assessment; Web application vulnerabilities must be considered as well. Additionally, forensic investigators now encounter new challenges that increase the difficulty of investigation, examples being private browsers and self-deleting malware. As a potential solution to those challenges, this thesis discusses how memory forensics can be used to uncover the cyber-criminal in a WoT crime.
Acknowledgements i
Abstract (Chinese) ii
Abstract iii
Table of Contents iv
List of Tables vi
List of Figures vii
Chapter 1 1
1.1 Research Background 1
1.2 Research Motivation 4
1.3 Research Objectives 5
Chapter 2 6
2.1 SQL Injection 6
2.2 Cross-Site Scripting (XSS) 9
2.3 Botnets 12
Chapter 3 15
3.1 Memory Forensics Tools 15
3.2 Memory Forensics Applications 17
Chapter 4 19
4.1 Forensic Analysis of Web Applications 20
4.1.1 Attacks on Web Application Vulnerabilities 21
4.1.2 Memory Forensics of Web Application Vulnerabilities 23
4.2 Forensic Analysis of Linux Malware 26
Chapter 5 32
5.1 Experimental Environment and Methods 32
5.1.1 Experimental Method for the Web Mechanism 33
5.1.2 Experimental Method for Linux Malware 40
5.2 Discussion and Analysis of the Web Mechanism 42
5.3 Discussion and Analysis of Linux Malware 52
5.4 Comparison with Related Research and Research Contributions 54
Chapter 6 57
References 58
Appendix 1 61
Appendix 2 65