从计算机事件分类法到计算机取证检查分类法

2009 Fifth International Conference on IT Security Incident Management and IT Forensics Pub Date : 2009-09-15 DOI:10.1109/IMF.2009.17

R. Altschaffel, Stefan Kiltz, J. Dittmann

{"title":"从计算机事件分类法到计算机取证检查分类法","authors":"R. Altschaffel, Stefan Kiltz, J. Dittmann","doi":"10.1109/IMF.2009.17","DOIUrl":null,"url":null,"abstract":"Forensic investigations are usually conducted to solve crimes committed using IT-systems as pertetrator and/or victim. However, depending on the size of IT-system, also non-malicious incidents can be investigated using the same, methodological and proven techniques. Based upon the principles contained in the well-known Computer Incident Taxonomy [1], this paper proposes the establishment a common language for the description of computer forensic examinations, both in malicious and non-malicious incidents. Additionally this taxonomy helps performing a forensic examination in establishing answers to a set of well-definied questions during such an examination. The usefulness of the proposed Forensic Examination Taxonomy is shown using a malicious and a non-malicious example.","PeriodicalId":370893,"journal":{"name":"2009 Fifth International Conference on IT Security Incident Management and IT Forensics","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-09-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"From the Computer Incident Taxonomy to a Computer Forensic Examination Taxonomy\",\"authors\":\"R. Altschaffel, Stefan Kiltz, J. Dittmann\",\"doi\":\"10.1109/IMF.2009.17\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Forensic investigations are usually conducted to solve crimes committed using IT-systems as pertetrator and/or victim. However, depending on the size of IT-system, also non-malicious incidents can be investigated using the same, methodological and proven techniques. Based upon the principles contained in the well-known Computer Incident Taxonomy [1], this paper proposes the establishment a common language for the description of computer forensic examinations, both in malicious and non-malicious incidents. Additionally this taxonomy helps performing a forensic examination in establishing answers to a set of well-definied questions during such an examination. The usefulness of the proposed Forensic Examination Taxonomy is shown using a malicious and a non-malicious example.\",\"PeriodicalId\":370893,\"journal\":{\"name\":\"2009 Fifth International Conference on IT Security Incident Management and IT Forensics\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-09-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 Fifth International Conference on IT Security Incident Management and IT Forensics\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IMF.2009.17\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Fifth International Conference on IT Security Incident Management and IT Forensics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IMF.2009.17","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

摘要

法医调查通常是为了解决利用资讯科技系统作为犯罪者和/或受害者所犯下的罪行。但是，根据it系统的大小，也可以使用相同的方法和经过验证的技术来调查非恶意事件。基于著名的计算机事件分类法[1]中包含的原则，本文提出建立一种通用语言来描述计算机法医检查，无论是在恶意事件还是在非恶意事件中。此外，这种分类法有助于在进行法医检查时确定一组明确定义的问题的答案。使用一个恶意和一个非恶意示例来显示所提出的法医检查分类法的有用性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

From the Computer Incident Taxonomy to a Computer Forensic Examination Taxonomy

Forensic investigations are usually conducted to solve crimes committed using IT-systems as pertetrator and/or victim. However, depending on the size of IT-system, also non-malicious incidents can be investigated using the same, methodological and proven techniques. Based upon the principles contained in the well-known Computer Incident Taxonomy [1], this paper proposes the establishment a common language for the description of computer forensic examinations, both in malicious and non-malicious incidents. Additionally this taxonomy helps performing a forensic examination in establishing answers to a set of well-definied questions during such an examination. The usefulness of the proposed Forensic Examination Taxonomy is shown using a malicious and a non-malicious example.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2009 Fifth International Conference on IT Security Incident Management and IT Forensics

自引率

0.00%

发文量