2009 Fifth International Conference on IT Security Incident Management and IT Forensics: latest publications

From the Computer Incident Taxonomy to a Computer Forensic Examination Taxonomy
R. Altschaffel, Stefan Kiltz, J. Dittmann
DOI: 10.1109/IMF.2009.17 (https://doi.org/10.1109/IMF.2009.17)
Published: 2009-09-15, in 2009 Fifth International Conference on IT Security Incident Management and IT Forensics
Abstract: Forensic investigations are usually conducted to solve crimes committed using IT systems as perpetrator and/or victim. However, depending on the size of the IT system, non-malicious incidents can also be investigated using the same methodological and proven techniques. Based upon the principles contained in the well-known Computer Incident Taxonomy [1], this paper proposes the establishment of a common language for the description of computer forensic examinations, in both malicious and non-malicious incidents. Additionally, this taxonomy helps in performing a forensic examination by establishing answers to a set of well-defined questions during such an examination. The usefulness of the proposed Forensic Examination Taxonomy is shown using a malicious and a non-malicious example.
Citations: 7
Overcast: Forensic Discovery in Cloud Environments
S. Wolthusen
DOI: 10.1109/IMF.2009.21 (https://doi.org/10.1109/IMF.2009.21)
Published: 2009-09-15, in 2009 Fifth International Conference on IT Security Incident Management and IT Forensics
Abstract: While best practices and standards are emerging, supported by advances in research, for forensic investigations in individual computer systems and networks, new challenges are arising which threaten to more than make up for the ground gained by investigators and researchers. In this paper we review some of the challenges posed by the increasingly common use of highly distributed and complex systems in a number of environments and attempt to outline a research agenda for investigations potentially spanning multiple jurisdictions, large numbers of distributed systems and services, and stretching out over extended periods of time, noting that — despite a strong focus on core areas of computer science and mathematics — there is an inherent strong need for interdisciplinary work linking the requirements and concepts of evidence arising from the legal field to what can be feasibly reconstructed and inferred algorithmically or in an exploratory manner.
Citations: 71
Experiences with the NoAH Honeynet Testbed to Detect new Internet Worms
Jan Kohlrausch
DOI: 10.1109/IMF.2009.9 (https://doi.org/10.1109/IMF.2009.9)
Published: 2009-09-15, in 2009 Fifth International Conference on IT Security Incident Management and IT Forensics
Abstract: Recently, major advances have been made in the area of honeypot technologies. These include the development of very accurate and reliable detection methods for unknown attacks targeted at memory corruption vulnerabilities and the design of efficient network architectures. These architectures allow monitoring of a large network of IP addresses, applying advanced detection methods for zero-day exploits and new Internet worms. Such an advanced architecture and detection method was developed by the NoAH research project, funded by the EU's Sixth Framework Programme for Research and Technological Development. A pilot testbed was set up to demonstrate its effectiveness in detecting well-known as well as new attacks on the Internet. While the technical components are well understood, the interpretation and analysis of the resulting information is, to the best of our knowledge, still not fully explored by research projects. For the NoAH pilot testbed, a critical test to demonstrate its effectiveness arose with the appearance of the W32.Conficker worm in November 2008. In this paper we present the experimental results of this testbed, focusing on the detection and analysis of the W32.Conficker worm, which is still widely spread and an ongoing threat to the Internet. In detail, we introduce the detection process, starting with the first suspicion of a new Internet worm and proceeding to its analysis and the capture of malware.
Citations: 15
Analysis of Download Accelerator Plus (DAP) for Forensic Artefacts
Muhammad Yasin, M. A. Wahla, F. Kausar
DOI: 10.1109/IMF.2009.11 (https://doi.org/10.1109/IMF.2009.11)
Published: 2009-09-15, in 2009 Fifth International Conference on IT Security Incident Management and IT Forensics
Abstract: Download Accelerator Plus (DAP) is one of the most popular download managers [1] due to its free availability, download speed and versatility. This software records download activities across multiple files, which include history, registry, RAM, swap and temporary files. This paper analyzes a) the log files (with .DAT extension), b) Windows registry entries, and c) RAM and swap files from a forensic viewpoint. We also look at tools and techniques for extracting evidence. This research work describes a number of traces left behind after the use of DAP, such as install location, download path, downloaded files and menu extensions, to name a few, enabling digital investigators to search for and interpret download activities. Moreover, the study is supported by a tool, DAP Forensic Artefact Collector (DAPFAC), that assists forensic examiners by providing valuable information retrieved from the Windows registry and history files on the basis of the analysis performed. The widespread use of DAP makes this analysis an attractive option for parties ranging from law enforcement agencies to employee-monitoring managers.
Citations: 13