{"title":"Forensic analysis of compromised systems","authors":"A. Baláz, R. Hlinka","doi":"10.1109/ICETA.2012.6418288","DOIUrl":null,"url":null,"abstract":"This article presents a study on whether and how may forensic analysis contribute to a compromised system. It explores the use of specific procedures for conducting security examinations of such a system, allowing gaining and store relevant evidence. Test results in laboratory-scale environment demonstrate the feasibility of performing general methods on live computer systems, operations systems in particular, all intended for the scale of forensic analyses. The study also weighs the relative contributions of possible forensic data sources which may a forensic analyst reveal throughout the analysis, especially important data obtained from operation systems Windows and Linux, whereby it is possible to extract valuable information. Finally, the exploratory activities result in the list of procedures applicable to Linux operating system that are seen to satisfy the security requirements for important data. 
The present study also intends to examine the mediating role of computer security as a process or mechanism by which to explain the relationship between forensic analysis and computing systems.","PeriodicalId":212597,"journal":{"name":"2012 IEEE 10th International Conference on Emerging eLearning Technologies and Applications (ICETA)","volume":"54 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE 10th International Conference on Emerging eLearning Technologies and Applications (ICETA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICETA.2012.6418288","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 13
Abstract
This article presents a study on whether and how forensic analysis may contribute to a compromised system. It explores the use of specific procedures for conducting security examinations of such a system, allowing relevant evidence to be gathered and stored. Test results in a laboratory-scale environment demonstrate the feasibility of performing general methods on live computer systems, operating systems in particular, all intended for the scale of forensic analyses. The study also weighs the relative contributions of possible forensic data sources which a forensic analyst may reveal throughout the analysis, especially important data obtained from the Windows and Linux operating systems, from which it is possible to extract valuable information. Finally, the exploratory activities result in a list of procedures applicable to the Linux operating system that are seen to satisfy the security requirements for important data. The present study also intends to examine the mediating role of computer security as a process or mechanism by which to explain the relationship between forensic analysis and computing systems.