
A Framework for Code Injection Attack Investigation in Windows Environment

Deepak Singh Tomar, J.L. Rana, S.C. Shrivastava

Abstract


Cyber crime committed in the web environment is assuming gargantuan proportions. A code injection attack is a type of multi-step attack carried out by a suspicious user by entering vulnerable code into a web form or the address bar of a web browser. An attacker may post an interesting message by injecting malicious JavaScript code through a browser entry point, and the code gets stored on the vulnerable web site. When a novice end user views the posted message containing the vulnerable code on the vulnerable web site, his browser executes the malicious script, and his web page containing session cookies is redirected to the attacker's zone. Investigating code injection attacks in the attacker's environment is a tedious job, as the attacker may tamper with the evidence after conducting the attack from his environment. In this paper, possible code injection attacks in the Windows environment are presented and a new framework is proposed to investigate code injection attacks efficiently, which captures the attacker's activities at the server side instead of in the attacker's environment.


Keywords


Cyber Forensic, Evidence Gathering, Input Attack, Web Server Log.



This work is licensed under a Creative Commons Attribution 3.0 License.