AI-Powered Covert Botnet Command and Control on Osns

Total Page:16

File Type:pdf, Size:1020Kb

AI-Powered Covert Botnet Command and Control on Osns DeepC2: AI-powered Covert Botnet Command and Control on OSNs Zhi Wang, Chaoge Liu, Xiang Cui, Jiaxi Liu, Di Wu, Jie Yin Abstract—Command and control (C&C) is the essential com- TABLE I ponent of a botnet. In previous C&C using online social networks CARRIERS FOR BUILDING C&C CHANNELS (OSNs), the botmasters’ identifiers are reversible. After a bot is analyzed, the botmaster’s accounts can be predicted in advance. Year Name Platform Identity CMD Additionally, abnormal content from explicit commands may ex- 2009 upd4t3 [7] Twitter ID Base64 pose botmasters and raise anomalies on OSNs. To overcome these 2012 - [8] Twitter Token Plain 2014 Garybot [9] Twitter Token Encrypted deficiencies, we proposed DeepC2, an AI-powered covert C&C 2015 Hammertoss [3] Twitter DGA Plain method on OSNs. By leveraging neural networks, bots can find 2015 MiniDuke [10] Twitter DGA Base64 2015 - [6] Twitter DGA Tweets botmasters by avatars, which are converted into feature vectors 2017 ROKRAT [11] Twitter ID, Token Plain and built into bots. Defenders cannot predict the botmaster’s 2017 PlugX [12] Pastebin URL XOR accounts from the vectors in advance. Commands are embedded 2018 Comnie [13] GitHub URL Base64, RC4 2019 DarkHydrus [14] GoogleDrive URL Plain into normal contents (e.g., tweets and comments) using easy data 2020 Turla [5] Gmail Token Encrypted augmentation and hash collision. Experiments on Twitter show that command-embedded contents can be generated efficiently, and bots can find botmasters and obtain commands accurately. Security analysis on different scenarios show that it is hard to predict the botmaster’s avatars. By demonstrating how AI may help promote covert communication on OSNs, this work provides a new perspective on botnet detection and confrontation. Index Terms—Online Social Networks, Command and Control, Botnet, Convert Communication, Neural Networks I. INTRODUCTION A botnet refers to a group of compromised devices that are remotely controlled by a botmaster via command and control (C&C) channels [1]. Multiple types of attacks can be launched based on botnets, such as DDoS, spam and crypto-mining. Fig. 1. Commands posted by Hammertoss and MiniDuke Compared to other malware, the major feature of a botnet is that it has a one-to-many C&C channel, which receives commands from the botmaster and forwards them to bots. reversible botmaster identifiers (i.e., ids, links, tokens, and With the evolution of botnet, the construction of C&C chan- DGAs) have to hardcode into bots (see Table I). Once the nels has focused on concealment and has begun to utilize on- bots are analyzed by defenders, with the C&C infrastructure line web services [2], such as online social networks (OSNs), being exposed, all the botmaster’s accounts can be calcu- cloud drives, and online clipboards. For example, Hammertoss lated in advance. Additionally, in most cases, commands are (APT-29) [3] used Twitter and GitHub to publish commands published in plain, encoded or encrypted forms (see Fig. 1). and hide communication traces. HeroRat [4] used Telegram for These abnormal contents will expose C&C activities and raise arXiv:2009.07707v6 [cs.CR] 3 Sep 2021 C&C communication on Android devices. Turla [5] utilized anomalies on OSNs, triggering restrictions on botmaster’s Gmail to receive commands and to exfiltrate information to accounts and interrupting C&C activities. When OSNs block the operators. all the accounts from the botmaster, it is difficult for the bots OSNs have some features to build a good C&C channel. It to retrieve new commands and recover the C&C channel. is nearly impossible for OSNs to go offline. Users have access To reduce the anomaly of C&C communication on OSNs, to OSNs anytime with a networked device. Then, visiting Pantic et al. [6] proposed a method that embeds commands OSNs is allowed by most anti-virus software. This ensures the into tweets using tweet metadata (length). The length of a availability of the commands. As many people use the OSNs, tweet represents an ASCII code in decimal form. As at that the botmaster’s accounts can hide among normal users. Also, time a tweet had a maximum length of 140, 7 bits could be it is easy to limit the accounts but not easy to shut down conveyed through one tweet. While commands can be issued the OSNs. With the help of dynamic addressing, the bots can stealthily, the system has a low capacity. It needs to post N obtain commands from multiple accounts. tweets to publish a command of length N. However, there are still some deficiencies of building C&C The deficiencies above can be solved by introducing AI channels using OSNs. Firstly, to help bots addressing, the technology. Neural network models can obtain excellent accu- 1 racy in different tasks, but they have poor explainability [15]. II. BACKGROUND It is not clear how neural networks make decisions. Therefore, A. Botnet it is difficult to reverse the decision-making process. Neural network models also have good generalization ability and A botnet is composed of a botmaster, bots and a C&C fault tolerance. It can help to build block-resistant C&C channel. By reverse-engineering a bot, analysts will know communication. how the bot addressing and communicating with the C&C server [16]. Also, analysts will know all the botmaster’s The main idea of DeepC2 is as follows. To overcome the accounts (domains, IDs, etc.) and commands by running a deficiencies brought by reversible hardcoding, we use a neural bot. However, when the analysts know the commands, the network model for addressing. The bots find the botmaster’s bots in the wild also know the commands. From the defence accounts on OSNs by the avatars’ feature vectors. The feature perspective, it’s a failure [17]. Defenders should find and limit vectors are extracted by a neural network model. Defenders the botmaster’s accounts in advance. When addressing using cannot calculate and predict the avatars in advance through DGAs or IDs, the botmaster’s identifiers can be calculated in the model and vectors. Then, to eliminate the abnormal advance. It gives the defenders chances to defend the C&C. contents, we propose a new method to embed the commands Therefore, the key issue in designing a botnet is to design a into contextual and readable contents (we take Twitter and block-resistant C&C channel that even the analysts know the tweets as the example in this work). To achieve this, the detailed information about the C&C infrastructure, it is hard botmaster crawls tweets about a certain topic, and uses data to calculate the botmaster’s identifiers and limit the C&C in augmentation to generate a large number of related tweets. advance. Then the botmaster uses hash collision to get the command- embedded tweets from the generated ones and posts them. We B. Siamese Neural Network use Twitter trends as the rendezvous point for the bots and the The Siamese neural network [18] is effective in measuring botmaster. The botmaster crawls and posts tweets to a trending the similarity between two inputs. The two inputs accepted topic, and the bots can find the botmaster quickly among the by the Siamese neural network will feed into two identical Twitter users. After addressing, the commands can be parsed neural networks to generate two outputs. Like “Siamese” twins from the tweets posted by the botmaster’s accounts. sharing the same organs, the identical neural networks share The contributions of this paper are summarized as follows: the same architecture and weights. By calculating the distance between two outputs, the similarity between two inputs can • We propose a method to build a more block-resistant be measured. C&C communication on OSNs. Fig. 2 shows the architecture of the Siamese neural network. • We introduce neural networks to solve the problem of In this work, the two identical neural networks are CNNs [19]. reversible hardcoding in C&C addressing. They are used to extract feature vectors from avatars. Images • We propose a method for embedding commands into input into CNN models are converted into vectors of the natural semantic tweets to avoid anomalies caused by same length. Contrasting loss function [20] is used to help abnormal contents on OSNs. backpropagate error and train the model. • We also evaluate this method and discuss possible coun- termeasures to mitigate this kind of attack. CNN Image1 Ethical Considerations. The combination of AI and botnet is considered to be an upward trend. We cannot stop the evolution of cyberattacks, but we should draw attention to Shared weights the defenses in advance. The goal of this work is not to Contrastive loss CNN inspire malware authors to write more efficient malware but Image2 to motivate security researchers and vendors to find solutions for an emerging threat. To this end, we intend to provide this method to build a possible scenario to help prevent this kind of attack in advance. The remainder of this paper is structured as follows. Sec- tion II describes relevant backgrounds on the techniques in Fig. 2. Architecture of Siamese neural network this work. Section III presents the methodology for building the covert C&C channel. Detailed implementations are demon- strated in Section IV. Section V is the evaluations on the C. Easy Data Augmentation experiments. Section VI discusses possible contermeasures. Data augmentation is a technique to solve the insufficiency Section VII presents related works to this paper. Conclusions of training data. By applying data augmentation, researchers are summarized in Section VIII. can enlarge the existing dataset to meet the needs of training 2 TABLE II SENTENCES GENERATED BY EDA Extract feature vectors Publish bots with the Train the neural network model from pictures model and vectors Prepare some pictures Neural networks model Operation Sentence Vectors Pictures None Our TAXII server is going to be taking a short nap Twitter accounts RULES at 11am ET today for an update.
Recommended publications
  • Uila Supported Apps
    Uila Supported Applications and Protocols updated Oct 2020 Application/Protocol Name Full Description 01net.com 01net website, a French high-tech news site. 050 plus is a Japanese embedded smartphone application dedicated to 050 plus audio-conferencing. 0zz0.com 0zz0 is an online solution to store, send and share files 10050.net China Railcom group web portal. This protocol plug-in classifies the http traffic to the host 10086.cn. It also 10086.cn classifies the ssl traffic to the Common Name 10086.cn. 104.com Web site dedicated to job research. 1111.com.tw Website dedicated to job research in Taiwan. 114la.com Chinese web portal operated by YLMF Computer Technology Co. Chinese cloud storing system of the 115 website. It is operated by YLMF 115.com Computer Technology Co. 118114.cn Chinese booking and reservation portal. 11st.co.kr Korean shopping website 11st. It is operated by SK Planet Co. 1337x.org Bittorrent tracker search engine 139mail 139mail is a chinese webmail powered by China Mobile. 15min.lt Lithuanian news portal Chinese web portal 163. It is operated by NetEase, a company which 163.com pioneered the development of Internet in China. 17173.com Website distributing Chinese games. 17u.com Chinese online travel booking website. 20 minutes is a free, daily newspaper available in France, Spain and 20minutes Switzerland. This plugin classifies websites. 24h.com.vn Vietnamese news portal 24ora.com Aruban news portal 24sata.hr Croatian news portal 24SevenOffice 24SevenOffice is a web-based Enterprise resource planning (ERP) systems. 24ur.com Slovenian news portal 2ch.net Japanese adult videos web site 2Shared 2shared is an online space for sharing and storage.
    [Show full text]
  • Cyber Security for Chinese Taipei
    ___________________________________________________________________________ 2020/TEL61/SPSG/009 Agenda Item: 7 Cyber Security for Chinese Taipei Purpose: Information Submitted by: Chinese Taipei Security and Prosperity Steering Group Meeting 9 October 2020 Cyber Security for Chinese Taipei 1. International Cooperation (update to September 2020) Chinese Taipei actively cooperates with international cybersecurity organizations in incident handling and response. From January to August 2020, Chinese Taipei (TWNCERT) received and handled 735 incident reports from international cybersecurity organizations. The incidents mainly fall under the categories of malware, login attempt, spam and phishing. Chinese Taipei (TWNCERT) also issued 2,042 incident reports to 65 international cybersecurity organizations, mainly fall under the category of suspicious network attack, as well as spam host and infected system. TWNCERT is a member of Asia Pacific Computer Emergency Response Team (APCERT) Steering Committee and the convenor of Training Working Group. Chinese Taipei aims to provide a platform for APCERT community to share and exchange valuable experiences and foster collaboration among members, thus raising the comprehensive cybersecurity defense capabilities of the Asia Pacific region. From January to August 2020, Chinese Taipei had convened three live streaming training programs, with a total of 22 APCERT member teams participating. TWNCERT also participates in the APCERT Drill Working Group, planning the APCERT Drill 2020 which was held in March
    [Show full text]
  • Comments of the Center for Democracy & Technology
    Comments of the Center for Democracy & Technology Regarding Agency Information Collection Activities: Arrival and Departure Record (Forms I-94 and I-94W) and Electronic System for Travel Authorization 19 August 2016 The Center for Democracy & Technology appreciates the opportunity to provide comments to the Department of Homeland Security on its proposal to begin requesting disclosure of social media identifiers and other online account information from Visa Waiver Program applicants. DHS proposes to ask foreign visitors applying for a waiver of visa requirements to provide “information associated with [their] online presence,” including the “provider/platform” and “social media identifier” used by the applicant. While the details of this proposed information collection are unclear, DHS’s Notice of Collection Activities states that the solicited online identity information “will enhance the existing investigative process” and “provide DHS greater clarity and visibility to possible nefarious activity and connections” of visitors to the United States.1 CDT is deeply concerned that this proposal would invade the privacy and chill the freedom of expression of visitors to the United States and United States citizens. Under the proposed changes, visitors to the U.S. who seek admittance through the Electronic System of Travel Authorization (ESTA), or complete Form I-94W, will be subject to unspecified review and monitoring of their public online activity by U.S. Customs and Border Protection (CBP) officials. This program will also increase the surveillance of U.S. citizens, both as a result of their online connections to visitors to the U.S. and because other countries may seek similar information from U.S.
    [Show full text]
  • Applications: P
    Applications: P This chapter contains the following sections: • P10, on page 6 • Packet Radio Measurement, on page 7 • PACS, on page 8 • PaleMoon, on page 9 • Paltalk Chat, on page 10 • Paltalk File Transfer, on page 11 • Paltalk Messenger, on page 12 • Paltalk Video, on page 13 • Paltalk Voice, on page 14 • Panda, on page 15 • PandaTv, on page 16 • Pando, on page 17 • Pandora, on page 18 • Pandora Audio, on page 19 • Pandora TV, on page 20 • Panoramio, on page 21 • PAP, on page 22 • PAPI, on page 23 • Parallels, on page 24 • PARC Universal Packet, on page 25 • Parsec Gameserver, on page 26 • PartyPoker, on page 27 • PassGo Technologies Service, on page 28 • Password Change, on page 29 • Pastebin.com, on page 30 • Patch.com, on page 31 • Pathtest, on page 32 • Pathview, on page 33 • PAWSERV, on page 34 • Paybill, on page 35 • PayPal, on page 36 • Paytm, on page 37 Applications: P 1 Applications: P • PBS, on page 38 • PC Connection, on page 39 • PC Mall, on page 40 • PC-Duo, on page 41 • PcAnywhere, on page 42 • Pchome, on page 43 • PCMAIL, on page 44 • PCoIP, on page 45 • PDAP, on page 46 • PDBox, on page 47 • PDBox P2P, on page 48 • PDF Expert, on page 49 • PDL data streaming port, on page 50 • PDRE, on page 51 • PeerCast, on page 52 • PeerEnabler, on page 53 • Penultimate, on page 54 • People Of Walmart, on page 55 • People's Daily, on page 56 • People.com, on page 57 • Perf Analysis Workbench, on page 58 • PerfectIBE, on page 59 • Perforce, on page 60 • Periscope, on page 61 • Personal Link, on page 62 • PersonalLink, on page 63 • PFTP,
    [Show full text]
  • Declaration of Loretta Kraus, Part 3
    News 6 Reports Case 2:11-cv-11618-RHC-LJM Document 4-4 Filed 04/15/11 Page 1 of 92 Consumer Report Shocking Results In Our Special Report We Daily Health News Investigate Acai Berry... "I Went From Flabby To Fabulous in Under 4 Weeks, Here's How...." It sounds impossible right? That's what I thought. So we at News 6 Reports decided to investigate. This report details our findings. Before we get into the actual investigation results I want to tell you how we decided to test these miracle supplements. To get started, I volunteered to be the guinea pig. I poured over research for Acai Berry supplements. Studied 175 different suppliers. Only one supplier was honest, pure and brilliantly trustworthy enough for us to use in the test. Their bottle of Acai Ultra Lean has the most concentrated and purest Acai out of all the products we researched. Maria pictured above followed the same diet (And judging by reviews, they have the ultimate Acai product on the market). as Jane and contributes her incredible 30lb weight loss to the Acai and Colon Cleanse Luckily they had a Free Trial Option. I quickly took advantage of the free trial and diet. ordered a bottle for our test. By the way, waiting for the product to arrive was kind of like Christmas! I love shopping online and from magazines. Jane Clark put the hype to the test. Was she able to eat 3 delicious meals while losing weight at the same time? Does An Acai Berry + Colon Cleanse Diet Back to the report.
    [Show full text]
  • Comment Submitted by David Crawley Comment View Document
    Comment Submitted by David Crawley Comment View document: The notion that my social media identifier should have anything to do with entering the country is a shockingly Nazi like rule. The only thing that this could facilitate anyway is trial by association - something that is known to ensnare innocent people, and not work. What is more this type of thing is repugnant to a free society. The fact that it is optional doesn't help - as we know that this "optional" thing will soon become not-optional. If your intent was to keep it optional - why even bother? Most importantly the rules that we adopt will tend to get adopted by other countries and frankly I don't trust China, India, Turkey or even France all countries that I regularly travel to from the US with this information. We instead should be a beacon for freedom - and we fail in our duty when we try this sort of thing. Asking for social media identifier should not be allowed here or anywhere. Comment Submitted by David Cain Comment View document: I am firmly OPPOSED to the inclusion of a request - even a voluntary one - for social media profiles on the I-94 form. The government should NOT be allowed to dip into users' social media activity, absent probable cause to suspect a crime has been committed. Bad actors are not likely to honor the request. Honest citizens are likely to fill it in out of inertia. This means that the pool of data that is built and retained will serve as a fishing pond for a government looking to control and exploit regular citizens.
    [Show full text]
  • Fibre Optic Nonlinear Technologies [FONTE] - a European Industrial Doctorate [GA766115]
    Fibre Optic Nonlinear Technologies [FONTE] - A European Industrial Doctorate [GA766115] Document Details Title Deliverable 7.2 Interim Report on Publications and Public Engagement Activities completed Deliverable number D7.2 Deliverable Type Report (public) Deliverable title Interim Report on Publications and Public Engagement Activities completed Work Package WP7 – Impact, Dissemination and Outreach Description A complete overview of publications and Public Engagement Activities completed in the first 24 months of project FONTE Deliverable due date 31/05/2020 Actual date of submission 30/05/2020 Lead beneficiary Aston Version number V1.3 Status FINAL Dissemination level PU Public X CO Confidential, only for members of the consortium (including Commission Services GA 766115-FONTE Deliverable D7.2 Project Details Grant Agreement 766115 Project Acronym FONTE Project Title Fibre Optic Nonlinear Technologies Call Identifier H2020-MSCA-ITN-2017 Project Website fonte.astonphotonics.uk Start of the Project 1 June 2018 Project Duration 48 months Consortium EC Funding This project has received funding from the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No 766115 GA 766115-FONTE Deliverable D7.2 Executive Summary This deliverable details the Scientific Research Output of Project FONTE and dissemination measures taken in terms of peer-reviewed publications, conference papers and talks, public deliverables as well as less formal settings of dissemination via seminars and event posters. The main aim of these dissemination activities is to make the research conducted both freely available and easily discoverable. Furthermore this deliverables summarised the host of Public Engagement Activities the consortium has been conducting, ranging from dedicated outreach activities lead by FONTE’s early stage researchers to the project’s presence on social media platforms and research networks, as well as covering posts, newsletters and ambassadorships.
    [Show full text]
  • A Study on College-Aged Students Habit of Reading Online Food Blogs Research Paper, English Composition III
    ENGLISH DEPARTMENT, FU JEN CATHOLIC UNIVERSITY GRADUATION PROJECT 2016 A Study on College-Aged Students Habit of Reading Online Food Blogs Research Paper, English Composition III Vondi Lin Lin 1 A Study on College-Aged Students Habit of Reading Online Food Blogs Have you ever consulted an online food blog when choosing a restaurant to dine in? Back in times when the Internet was not so prevalent, people received information mostly from television or print sources, such as advertisement flyers or magazines. However, with the development of the internet, the way people seek for information has been altered. TV news and print sources are no longer the major means of knowledge. According to a professor, Jill Walker Rettberg, in digital culture, “We have moved from a culture dominated by mass media…to one where participatory media is becoming the norm.”. People now prefer to look for information provided by either professionals or amateurs online. Moreover, the presence of online food blogs has also changed consumers’ decision making. According to the rankings made by famous Taiwanese blogging forum, Pixnet, out of the most popular 100 blogs, food blogs account for a largest proportion among all the other categories. People now tend to search for information in food blogs before deciding which places to eat. However, in “Bloggers’ Motivations and Behaviors,” researchers argue that despite the fact that blogs represent a new and interesting platform, most of the information they provide is unproven (472). But why do people still read them? What influence do online blogs have? According to Txàber Allué’, in his paper, “Food Sector Communication and Online Influencers,” it is said that with the rise of the Internet, “online influencers, whether bloggers or people with important digital profiles, have assumed a decisive role in creating opinion” (312).
    [Show full text]
  • (12) United States Patent (10) Patent No.: US 9.485,642 B2 Lin (45) Date of Patent: Nov
    USOO9485.642B2 (12) United States Patent (10) Patent No.: US 9.485,642 B2 Lin (45) Date of Patent: Nov. 1, 2016 (54) SYSTEM AND METHOD FOR REQUESTING (56) References Cited AND PROVIDING LOCATION-BASED ASSISTANCE U.S. PATENT DOCUMENTS 7,783,305 B2* 8/2010 Ross ................... HO4M 3.4936 (75) Inventor: Hung Yuan Lin, New Taipei (TW) 340,426.18 8,244,832 B1* 8/2012 McGuire ................. HO4W 4/20 (73) Assignee: Hung Yuan Lin, Taipei (TW) 455,121 (*) Notice: Subject to any disclaimer, the term of this (Continued) patent is extended or adjusted under 35 U.S.C. 154(b) by 534 days. FOREIGN PATENT DOCUMENTS TW 2003.01432 T 2003 (21) Appl. No.: 13/071,665 TW I241799 10/2005 TW 200742833 11/2007 (22) Filed: Mar. 25, 2011 Primary Examiner — Phuoc Nguyen (65) Prior Publication Data (74) Attorney, Agent, or Firm — Bacon & Thomas, PLLC US 2012/OOO5285 A1 Jan. 5, 2012 (57) ABSTRACT (30) Foreign Application Priority Data The present invention provides a method for requesting location-based assistance executed on a mobile device of an Mar. 26, 2010 (TW) ............................... 99.109 162 A assistance requester, and a method and system for providing Mar. 26, 2010 (TW) ............................... 99205370 U location-based assistance executed on a server of a joint assistance service provider. The present invention integrates (51) Int. Cl. mobile positioning and telecommunications technologies to G06F 5/16 (2006.01) provide assistance provision information. In the present H0474/22 (2009.01) invention, an assistance request module of the mobile device G06O 10/10 (2012.01) is activated for execution to locate the assistance requester; HO4M 1/725 (2006.01) assistance request information containing the assistance (Continued) requester's location information is transmitted to the server (52) U.S.
    [Show full text]
  • Download and Print out the Template)”
    A Thesis Submitted for the Degree of PhD at the University of Warwick Permanent WRAP URL: http://wrap.warwick.ac.uk/149219 Copyright and reuse: This thesis is made available online and is protected by original copyright. Please scroll down to view the document itself. Please refer to the repository record for this item for information to help you to cite it. Our policy information is available from the repository home page. For more information, please contact the WRAP Team at: [email protected] warwick.ac.uk/lib-publications How do social media affect Taiwanese people’s participation in social movements under the Ma Ying-Jeou administration between 2008 and 2016 Pei-Hsin Gwenyth Wang A dissertation submitted for the degree of Doctor of Philosophy to the Department of Politics and International Studies at the University of Warwick March 2019 3 Table of Contents List of Figures 6 List of Tables 6 List of Pictures 6 Acknowledgements 7 Declaration 8 Abstract 8 List of Abbreviations 9 Chapter 1 Introduction 10 1.1 Sunflower Movement takes social movements in Taiwan to 15 another level 1.2 Outline of the Study 25 Chapter 2 Literature Review 2.1 Introduction 32 2.2 Citizenship 33 2.3 Is it possible young citizens’ perception of citizenship might 43 have been changed? 2.4 New forms of political participation 49 2.5 Is “digital citizenship” a potential form of citizenship in the 56 online world? 2.6 Converged technology; multiplied networks 65 2.7 Conclusion 78 Chapter 3 – Citizenship in Taiwan, a case study 3.1 Introduction 80 3.2 Taiwan’s democratisation development 86 3.3 Taiwan after the 2016 presidential election 101 3.4 Key factors behind Taiwan’s democratisation process 108 3.5 Research method 121 3.6 Conclusion 125 Chapter 4 – Resurgence of Social Movement in Taiwan 4.1.
    [Show full text]
  • Computer Forensics of Dcard Application on Windows 10
    Scholars Journal of Engineering and Technology (SJET) ISSN 2321-435X (Online) Sch. J. Eng. Tech., 2017; 5(10):561-570 ISSN 2347-9523 (Print) ©Scholars Academic and Scientific Publisher (An International Publisher for Academic and Scientific Resources) www.saspublisher.com Computer Forensics of Dcard Application on Windows 10 Ching-Yu Lin1, Ming-Sang Chang2* 1,2Department of Information Management, Central Police University, Taoyuan, Taiwan Abstract: Nowadays, with the great popularity of social networking sites, many people *Corresponding author have gradually changed their way of living habits. There are varied social networking sites Ming-Sang Chang coming out, such as Facebook, Twitter, Instagram, YouTube, Dcard and so on. Furthermore, social networking sites have already made people more convenient to make Article History friends and communicate with each other much easier than before. However, there are Received: 17.10.2017 some problems we should concern. Thanks to the cyber worlds are flourishing, there are Accepted: 25.10.2017 several kinds of crimes emerge in endlessly in recent years. This paper focuses on the Published: 30.10.2017 computer forensics of Dcard application by running on two different browsers, including Google Chrome and Microsoft Edge. They are running respectively under windows 10 DOI: operating systems. In this paper, we strive to search the digital evidence that user has been 10.21276/sjet.2017.5.10.6 done on the computer. We make good use of authoritative computer forensic tools to obtain significant evidences and analyze the correlation between these evidences in detail. Besides, this paper finds that which behavior of suspect will leave what kind of evidence in the computer.
    [Show full text]
  • Social Media Marketing - Companies & Consumers - Comparison Taiwan/Austria
    Social Media Marketing - Companies & Consumers - Comparison Taiwan/Austria Master´s Thesis to confer the academic degree of Master of Science in the Master´s Program Webwissenschaften (Studienzweig Web Business & Economy) Author: Anja Denise Leherbauer Submission: Institut für Datenverarbeitung in den Sozial- und Wirtschaftswissenschaften Supervisor: A.Univ.-Prof.Dr.Dr. Johann Höller July 2015 MASTER'S T H E S I S ABSTRACT Social media and numerous social networks are not only influencing the lifes of private individuals, furthermore these developments present new challenges and opportunities for companies. One important factor of the evolution of social media is the changed role of the consumer. Nowadays it is not enough anymore to perform an uni-directional communication with the consumer. The picture, especially in case of social media marketing, has changed. Consumers do not only have the possibility to provide feedback in reaction to companies' actions; moreover, consumers can stimulate brand-, product or company-related discussions on social media. In line with this, companies have to react to the new position of the consumer in an appropriate way. Therefore the purpose of this work is not only to analyze the literature of social media and social media marketing, but also to gain a better understanding of the consumer. One important part of the work is looking at social media marketing from a consumer's point of view and investigating motives and actions of consumers in line with social media marketing activities of companies. For this reason, a focal point of this paper is a quantitative analysis to investigate a certain group of consumers, without any claim for representativeness.
    [Show full text]