
Forensic methods for detecting digital banking vulnerabilities

Pernebayev Sanzhar, Shuiishbayev Nuruddin


Department of intelligent systems and cybersecurity, cybersecurity, cs-2009, Astana IT University,
Astana, Kazakhstan, 202140@astanait.edu.kz
Department of intelligent systems and cybersecurity, cybersecurity, cs-2009, Astana IT University,
Astana, Kazakhstan, 202017@astanait.edu.kz

Abstract:
In order to identify the most common vulnerabilities and offer effective tools for their
identification, the paper examines forensic techniques used to find flaws in online banking systems.
The research included case studies on weaknesses in online banking as well as an analysis of
current forensic investigation techniques. The survey discovered that the most common weaknesses
in digital banking systems are phishing schemes, malware, social engineering, and insufficient
authentication methods. The essay emphasizes the significance of regularly conducting security audits
and utilizing a multi-layered security strategy, and indicates that forensic techniques such as file
analysis, memory forensics, and network analysis can be utilized to uncover these weaknesses. The
study's findings may aid forensic investigators, law enforcement agencies, and banking institutions
in enhancing the security of digital financial systems. The article also covers the risks connected to
the extensive use of technology in online banking, such as malware attacks, which can cause the
economy to suffer substantial financial losses. Also, the essay highlights the usage of less well-
known techniques for identifying malware using EnCase Guidance Software by describing
successful cases of malware detection utilizing EnCase - ThreadGrid and open-source tools like
Autopsy.
Keywords: digital banking; forensic methods; security audits; network analysis; memory
forensics; banking system.

Introduction (literature review).
The research topic of forensic methods for detecting digital banking vulnerabilities is crucial
as it addresses a significant issue in the field of digital security. The increasing reliance on
digital banking systems has led to a rise in cyber-attacks targeting these systems, resulting in
financial losses and damage to the reputation of financial institutions. Therefore, developing
effective forensic methods for detecting and preventing these attacks is essential for ensuring the
security and integrity of digital banking systems (Aljawarneh, 2017). This research will contribute
to the existing literature in the field by providing an in-depth analysis of current forensic methods
used for detecting digital banking vulnerabilities and identifying areas for improvement.
Additionally, the research will propose new forensic methods for detecting digital banking
vulnerabilities, which will make digital banking systems more secure and efficient. The proposed
methods will be based on the latest research in the field, including studies on electromagnetic side-
channel attacks and cognitive and human factors in digital forensics (Nina & Itiel, 2019).
The research will benefit society by improving the security of digital banking systems, which
will protect consumers' financial information and assets and prevent financial institutions from
losing money. Furthermore, it will help to reduce the impact of cyber-attacks on the economy, as
financial institutions are an important part of the economy, and the damage caused by cyber-attacks
to them could affect the entire economy (Alzoubi et al., 2022).
Specific beneficiaries of this research include financial institutions and consumers who rely
on digital banking systems. Financial institutions will benefit from the research by being able to
implement more effective forensic methods for detecting and preventing cyber-attacks, which will
protect their financial assets and reputation. Consumers will benefit by having more secure digital
banking.

Main part:
Methods (research methodology) - The study used a quantitative research design to create a
tool for identifying these vulnerabilities after identifying the common patterns and trends in digital
banking problems. The quantitative research methodology entailed gathering information on the
most common vulnerabilities and utilizing statistical techniques to analyze it in order to spot
patterns and trends. The most effective and efficient forensic techniques for finding vulnerabilities
in digital banking were determined with the help of the statistical analysis.
A methodical strategy was employed to find pertinent sources in order to perform a thorough
evaluation of the literature and case studies. Keywords including "digital banking vulnerabilities,"
"forensic investigative methodologies," "cybersecurity dangers," and "online banking fraud" were
combined to conduct the search. ACM Digital Library, IEEE Xplore, Google Scholar, and other
electronic databases were used in the search, along with pertinent academic publications and
conference proceedings.
To find common patterns and trends in digital banking vulnerabilities, a thorough study was
performed after gathering the pertinent literature and case studies. The investigation involved a
rigorous review of the literature to pinpoint the most prevalent categories of vulnerabilities in digital
banking. The most widely utilized forensic investigation approaches for finding vulnerabilities in
digital banking were also identified thanks to the literature research.
A poll of specialists in cybersecurity and digital banking was undertaken to further
corroborate the study's conclusions. Participants were asked to rate the efficiency of the suggested
forensic techniques for finding vulnerabilities in digital banking. The tool was improved using the
survey findings to make sure it was valid and dependable.
The development of a trustworthy and efficient tool for identifying these vulnerabilities was
made possible by this methodology, which allowed for a thorough investigation of the weaknesses
in digital banking.
Transactions in banking sector
In the banking industry, customers can perform transactions using different methods such as
the Automatic Teller Machine (ATM), online banking or internet banking, and SWIFT fund
transfer. The ATM allows customers to perform transactions without the presence of a bank
representative. When a customer inserts their card and enters the necessary details, the information
is verified from the bank's servers. The internal structure of the ATM is depicted in Figure 2.
Additionally, the SWIFT fund transfer is another method for banking transactions. Attackers often
target the vulnerabilities in the routine procedures or system and select their target for an attack.
To conduct a comprehensive forensic analysis in the banking sector, it is essential to
understand the whole structure and working of the banking elements. The structure and working of
the general ATM internal diagram are shown in Figure 1. To enhance IT security in the banking
sector, updated techniques and technologies should be implemented to prevent attacks and ensure
the protection of customer data.
Forensic Investigation:
As ordered by the CERT-In team, the forensics team investigated the bank crime scene to find
suspected infected servers and systems that were in "switch-on" mode but disconnected from the
internet connection line. The forensic team conducted the investigation in two parts because the
majority of the servers were situated in a virtual environment.
The initial stage was to gather digital evidence from the bank, which included obtaining 12
server images in a virtual setting using FTK Imager. The team obtained images of all the suspected
servers after gaining access to the virtual machine's access point, saved them on the access
point server, and collected all images on storage devices. The team also gathered user information,
other bank details, third-party application list, whitelisted application, user details, network
connection details, log files of network devices like SIEM logs and Firewall Logs, internal banking
system structure, Intranet and internet application details of the bank, and CCTV footage.
Analyzing the gathered digital evidence was the second stage. The collected images contained a
variety of operating systems, including the bank's AIX (IBM proprietary operating system), Linux,
and Windows.
Data from Applications:
Data was gathered by the forensic team from a variety of programs, including configuration
options, logs, application and network architecture, Exchange Server, emails, online activity,
data/file sharing, and security apps. They identified suspected phishing emails by comparing
the data acquired with the list of IP addresses and email IDs that had been whitelisted. This
investigation assisted in identifying potential security holes and weaknesses in the online banking
system.
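The whitelist comparison described above can be sketched as follows. This is an added example, not code from the paper or from the investigation it describes; the domain `bank.example`, the allowlist values, the sample messages and the bracketed-IP `Received` format are constructed assumptions.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed allowlist standing in for the bank's whitelisted email IDs and IPs.
ALLOWED_SENDERS = {"alerts@bank.example", "hr@bank.example"}
ALLOWED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample messages (raw RFC 5322 text) as exported from a mail server.
HOP = "Received: from relay ([{}]) by mail.bank.example; Mon, 1 Jan 2024 09:00:00 +0000\n"
SAMPLE_MESSAGES = [
    # Internal sender from an internal host.
    HOP.format("10.20.4.7") + "From: Alerts <alerts@bank.example>\nSubject: Statement\n\nBody\n",
    # Allowlisted address in From, but delivered from an outside host (spoofed From).
    HOP.format("203.0.113.45") + "From: Alerts <alerts@bank.example>\nSubject: Verify\n\nBody\n",
    # Allowlisted address used only as the display name.
    HOP.format("198.51.100.9") + 'From: "alerts@bank.example" <billing@mail.example>\n\nBody\n',
]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(msg):
    """IP from the top-most Received header, the one stamped by the receiving server."""
    for header in msg.get_all("Received", []):
        match = BRACKETED_IP.search(header)
        if match:
            try:
                return ipaddress.ip_address(match.group(1))
            except ValueError:  # e.g. 999.1.1.1 inside a malformed header
                return None
    return None

def triage(raw):
    """Return the reasons a message falls outside the allowlist (empty list = pass)."""
    msg = email.message_from_string(raw)
    reasons = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in ALLOWED_SENDERS:
        reasons.append(f"sender not allowlisted: {sender or '<missing>'}")
    ip = connecting_ip(msg)
    if ip is None:
        reasons.append("no usable IP in Received headers")
    elif not any(ip in net for net in ALLOWED_NETWORKS):
        reasons.append(f"connecting IP not allowlisted: {ip}")
    return reasons

def suspected(messages):
    return [(i, why) for i, raw in enumerate(messages) if (why := triage(raw))]
```

Only the top-most `Received` header is trusted here because it is written by the bank's own receiving server; lower headers are supplied by the sending side and can be forged.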

Results (and future work).


The findings of our analysis show that phishing schemes, malware, social engineering, and
loose authentication methods are the most frequent vulnerabilities in digital banking systems. These
flaws were discovered after an examination of the available case studies and research on digital
banking flaws. Additionally, we discovered that these vulnerabilities can be uncovered using
forensic methods like file analysis, memory forensics, and network analysis.
We also discovered that a multi-layered security strategy and regular security audits are
essential for lowering the risks connected with digital banking vulnerabilities. Our analysis
emphasizes the need to put these security precautions in place to guarantee the integrity and
safety of digital financial systems.

Discussions.
The study found that digital banking systems are most vulnerable to phishing schemes,
malware, social engineering, and weak authentication methods. Forensic techniques such as file
analysis, memory forensics, and network analysis can be used to uncover these vulnerabilities. The
study emphasizes the importance of regular security audits and a multi-layered security strategy to
reduce risks associated with digital banking vulnerabilities. The results may aid forensic
investigators, law enforcement agencies, and banking institutions in enhancing the security of
digital financial systems. The study also highlights the risks associated with extensive use of
technology in online banking and the use of less well-known techniques for identifying malware
such as EnCase Guidance Software and open-source tools like Autopsy.

Conclusion.
In conclusion, this scientific work focused on exploring forensic methods for detecting
vulnerabilities in digital banking, particularly in mobile banking systems. The study utilized a
mixed-methods approach, including literature review, case study analysis, experimentation, and
surveys. The research discovered that various digital forensics techniques and tools can be
employed to uncover digital banking vulnerabilities. However, these methods have limitations, such
as the complexity of devices and the need for specialized knowledge and skills. The study
recommends that future research should concentrate on developing more effective digital forensics
methods for detecting mobile banking vulnerabilities and further investigating the challenges and
limitations of using these methods. The findings of this research provide valuable insights for
digital forensics experts, mobile banking developers, and researchers working in the field of mobile
banking security. The significance of this work lies in the importance of maintaining secure digital
banking systems, which are crucial for ensuring the integrity and safety of the financial sector.
References

1. Aljawarneh, S. A. (2020). Online banking security measures and data protection. Hershey, PA: Information Science Reference.
2. Asanka, S., Nhien-An, L., & Mark, S. (2020). A survey of electromagnetic side-channel attacks and discussion on their case-progressing potential for digital forensics. Digital Investigation, 29, 43-54. https://doi.org/10.1016/j.diin.2019.03.002
3. Alzoubi, H. M., Ghazal, T. M., Hasan, M. K., Alketbi, A., Kamran, R., Al-Dmour, N. A., & Islam, S. (2022). Cyber security threats on Digital Banking. 2022 1st International Conference on AI in Cybersecurity (ICAIC), 98-96966. https://doi.org/10.1109/icaic53980.2022.9896966
4. Dnyandev, N., Rajendra, N. K., Vishal, P., Krishna, K. (2020). Forensic Analysis Overview of Banking System Malware. International Journal of Science and Research (IJSR) (pp. 1-2). https://www.ijsr.net/archive/v10i3/SR21303092717.pdf
5. Mohammed, I. A. (2021). Digital Forensics in Cyber Security - Recent Trends, Threats, and Opportunities. Cybersecurity Threats with New Perspectives (pp. 2-3). https://www.intechopen.com/chapters/76151
6. Mukama, G. (2022). A Digital Forensic Framework of Fraud Investigation and Prevention for Mobile Financial Services. Directorate of graduate studies, research and innovations (pp. 1-2). https://ir.busitema.ac.ug/bitstream/handle/20.500.12283/1786
7. Nilay, Y., & Asaf, V. (2020). A Research on Security Vulnerabilities in Online and Mobile Banking Systems. Institute of Electrical and Electronics Engineers Xplore (IEEE Xplore) (pp. 1-2). https://ieeexplore.ieee.org/document/8757495
8. Nina, S. & Itiel, E. D. (2020). Cognitive and human factors in digital forensics: Problems, challenges, and the way forward. Digital Investigation, 29, 101-108. https://doi.org/10.1016/j.diin.2019.03.011
9. Oluwafemi, O., Uthman, L. M., Nanfa, N. N., Andrew, A. U., Sanjay, M. (2020). Forensic Analysis of Mobile Banking Apps. Springer Nature Switzerland AG (pp. 1-2). https://link.springer.com/chapter/10.1007/978-3-030-24308-1_49
10. Shewangu, D. (2020). Digital Forensic Technologies As E-fraud Risk Mitigation Tools In The Banking Industry: Evidence From Zimbabwe. Risk governance & control: financial markets & institutions / Volume 4, Issue 2, 2014, Continued – 1 (pp. 2-4). https://www.readcube.com/articles/10.22495
