The success of computer forensics lies in the complete analysis of the evidence that is available. This is done by not only analyzing the evidence which is available but also searching for new concrete evidence. The evidence is obtained through the logs of the data during the cyberattack. When performing analysis of the cyberattack especially the botnet attacks, there are many challenges. First and the foremost is that it hides the identity of the mastermind, the botmaster. It issues the command to be executed using its subordinate, the command and control (C&C). The traceback of C&C itself is a complex task. Secondly, it victimizes the innocent compromised device zombies. This chapter discusses the analysis done in both proactive and reactive ways to resolve these challenges. The chapter ends by discussing the analysis to find the real mastermind to protect the innocent compromised system and to protect the victim system/organization affected by the botnet cyberattack.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.