| With the popularity of the Internet and World Wide Web (WWW), Web applications have become the main media for doing common activities including online banking, business and government activities, social networking, web email etc. Most of the web applications are dependent on users input data. Web applications dependence on user input data, web browser, and stateless HTTP protocol, excessive use of different client side technologies such as Java Script, ActiveX etc., and usage of poor API makes them vulnerable to many security attacks.;Also Internet has become the primary platform for cybercrimes. There is urgent need for systematic view of real world cybercrimes and real world case investigations in digital forensics education especially network forensics education. It is important to understand the cybercrime strategies and details of cybercrimes for cybercrime investigation. We have modeled the cyber attacks and their investigation, and then related modeling to analyze to real-world cases.;In this thesis, we have explicitly defined three basic crime strategies as computer focused strategy, computer assisted strategy, and non-cyber strategy (traditional crime strategy) and modeled a real world cybercrime case as a sequence of crimes using these three basic strategies. We have also designed and implemented a cybercrime web database system documenting and classifying cybercrimes reported various venues. We have performed penetration testing and take steps to secure this cybercrime web database system from different web application vulnerabilities especially from XSS, CSRF, Clickjacking, and SQLI attacks using their state of art defense techniques. |
