The Properties of Computer Equipment Objects Evaluation to Ensure Post-Incident Audit

Abstract

The study of computer incidents is an important area of activity in the field of information security. The paper considers a method for describing the properties of objects of computer equipment to ensure post-incident audit. The investigation of incidents is considered by analyzing the properties of objects of volatile memory, non-volatile memory, and network traffic. These properties are presented as a set of attributes and are analyzed by applying graph theory. To solve the final problem of determining and formalizing a computer incident, various algorithms on graphs and sets of properties can be used. The paper presents a computational experiment of post-incident audit of computer equipment by the example of determining a computer incident. The presented method minimizes the amount of information processed by using only attributes for analysis.