28
Web Application Forensics - Practice
•Collect
files needed (logs, scripts/servlets), config, system files
•Wear
gloves
•Divide
and conquer – analyze by sessions, IPs
•Analyze
requests (develop and use automatic tools): suspicious characters,
HTTP methods, paths, ...
•Analyze
sessions: how does the session look, flow, speed