A Prototype for Support of Computer Forensic Analysis Combined with the Expected Knowledge Level of an Attacker to More Efficiently Achieve Investigation Results
Authors: M. Bielecki, G. Quirchmayr
Published in: 2010 International Conference on Availability, Reliability and Security
Publication date: 2010-03-25
DOI: 10.1109/ARES.2010.25 (https://doi.org/10.1109/ARES.2010.25)
Citations: 10
Abstract
This paper describes a novel approach to combine the strengths of an automated presentation and argumentation support system with a classification of cybercriminals similar to the ones used in law enforcement work. The discussed concept is still in an early stage of development with no substantiated scientific results. The beginning of the paper is dedicated to the description of a prototype based on an automated forensic support system called "CFAA" ("Computer Forensic Analyzer and Advisor"). This description is followed by a short classification of current cybercriminals and their knowledge levels. This classification is a slight modification of the one described in "Scene of the Cybercrime" by Debra Littlejohn Shinder. The paper then continues with the presentation of an envisaged approach towards combining the software tool with the determined classification to increase the efficiency of the forensic analysis. The core aim of this paper is to demonstrate the possible increase of efficiency with adjusting the appropriate cybercriminal levels according to the forensic investigation.