Constructing Cyber Terrorism Trace Pattern for Forensic Investigation Process Siti Rahayu Selamat, Nurhashikin Mohd Salleh, Robiah Yusof, Shahrin Sahib Faculty of Information Technology and Communication Universiti Teknikal Malaysia Melaka (sitirahayu@utem.edu.my, nurhashikin@gmail.com, robiah@utem.edu.my, shahrinsahib@utem.edu.my) Abstract- As the use of Internet is increased, the number of cyber threats are also increased. One of the crime increased is cyber terrorism. This crime is also became sophisticated and critically to traced. Hence, in this paper, a general cyber terrorism trace pattern is constructed to against cyber terrorist attack. For the purpose of this paper, the cyber terrorist websites are used as the datasets. The cyber terrorist’s activities are identified by tracing and extracting traces from the websites. Then, these traces are mapped in order to formulate the trace pattern. This trace pattern can be used in facilitating the forensic investigator in identifying the origin of the attack during the investigation process. Keywords-cyber space, cyber terrorism, tracing, traces, trace pattern I. INTRODUCTION Cyber terrorism has become serious issue and increase sophisticated. It is because the threat of cyber terrorism and the misuse of the Internet for terrorist purposes are particularly alarming because our society is dependent on computer systems and the Internet [16]. In addition, [1] reported that the number of crimes involving computers and internet has grown which contributes to the cyber terrorism activities. Cyber terrorism is divided into two primary elements which are terrorism and cyberspace [2]. Terrorism in cyberspace can take many different forms which are physical destruction of machinery crucial to an IT infrastructure, remote interference of computer networks, disruption of government networks, or even disturbance of societal network. As the consequences, it is very difficult to trace the cyber terrorists activities in which there are non-specific trace patterns are currently exist. Therefore, the main objective of this research is to construct cyber terrorism trace pattern in facilitating the investigator on identifying evidence of the cyber terrorist. For the purpose of this paper, traces of the crime is discovered by tracing and mapping the traces left from the potential terrorist website. II. RELATED WORK A. Overview of Cyber Terrorism Cyber terrorism define as the use of Internet to launch any attacks in terrorist activities such as against computer systems, computer program, or data which result on damage cyber space infrastructure itself or some other target. It can be both internal and external networks [3] [4] [5]. Cyber terrorism continues to rise, and terrorists increase in a cyber space [6]. It is very irrelevant in terms of preventing cyber terrorist from carrying out any attacks because there is no specific trace pattern to detect their activities. Based on [2], the cyber terrorism consists six main components namely actor, motivation, tools, method, target, and impact as depicted in Table 1. Table 1 Cyber Terrorism Components Components Explanation Actor Organization, Person Motivation Concept, Ideology, Economic change Tools Weapon, Network warfare Method Operation, Action Target Person, Place, Victims, Organization Impact Violence, Threat Actor can be any organization or person. Motivation can be any concept, ideology, or economic change. Tools involved any weapon or network warfare. Method refers to the operation or any action that will related to the cyber terrorism. Cyber terrorism target might maybe person, place, victims, or organization. Every violence and threats that has been done to the target will be considered as impact components [7] [8] [9]. The potential targets might be directly or indirectly, computers. Usually, cyber terrorist’s use the Internet and other IT infrastructure as their domain space to do cyber terrorism. In terms of political, social, and economic, these might be a main target for cyber terrorist to do any attack. B. Trace Pattern Trace pattern is defines as a way to discover the origin or starting point of a scenario that has happened [13]. It plays an Recent Advances in Computer Science ISBN: 978-1-61804-297-2 240