{"title":"计算机日志文件取证中数据隐藏的入侵调查","authors":"Yang Fan, Shiuh-Jeng Wang","doi":"10.1109/FUTURETECH.2010.5482741","DOIUrl":null,"url":null,"abstract":"In most of companies or organizations, logs play important role in information security. However, the common security mechanism only backup logs, it is not able to find out traces of intruders because the hacker who is able to intrudes the security mechanism of organization would try to alter logs or destroy important intrusion evidences making it impossible to preserve evidence using traditional log security strategies. Thus, logs are not considered as evidence to prove the damage. In that case, digital evidence lacks in terms of completeness which makes it difficult to perform computer forensics operations. In order to maintain the completeness and reliability of evidence for later forensic procedures and intrusion detection, the study applies concepts of steganography to logs forensics, for which even intrusion altered records will be kept as well. Comparing to traditional security strategies, this study proposes a better logging mechanism to ensure the completeness of logs. Furthermore, the study will assist in intrusion detection through alteration behavior, and help in forensic operations.","PeriodicalId":380192,"journal":{"name":"2010 5th International Conference on Future Information Technology","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":"{\"title\":\"Intrusion Investigations with Data-Hiding for Computer Log-File Forensics\",\"authors\":\"Yang Fan, Shiuh-Jeng Wang\",\"doi\":\"10.1109/FUTURETECH.2010.5482741\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In most of companies or organizations, logs play important role in information security. 
However, the common security mechanism only backup logs, it is not able to find out traces of intruders because the hacker who is able to intrudes the security mechanism of organization would try to alter logs or destroy important intrusion evidences making it impossible to preserve evidence using traditional log security strategies. Thus, logs are not considered as evidence to prove the damage. In that case, digital evidence lacks in terms of completeness which makes it difficult to perform computer forensics operations. In order to maintain the completeness and reliability of evidence for later forensic procedures and intrusion detection, the study applies concepts of steganography to logs forensics, for which even intrusion altered records will be kept as well. Comparing to traditional security strategies, this study proposes a better logging mechanism to ensure the completeness of logs. Furthermore, the study will assist in intrusion detection through alteration behavior, and help in forensic operations.\",\"PeriodicalId\":380192,\"journal\":{\"name\":\"2010 5th International Conference on Future Information Technology\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-05-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"19\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 5th International Conference on Future Information Technology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/FUTURETECH.2010.5482741\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 5th International Conference on Future Information 
Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FUTURETECH.2010.5482741","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Intrusion Investigations with Data-Hiding for Computer Log-File Forensics
In most companies or organizations, logs play an important role in information security. However, common security mechanisms only back up logs; they are not able to find traces of intruders, because a hacker who is able to intrude into the security mechanism of the organization will try to alter logs or destroy important intrusion evidence, making it impossible to preserve evidence using traditional log security strategies. Thus, logs are not considered as evidence to prove the damage. In that case, the digital evidence lacks completeness, which makes it difficult to perform computer forensics operations. In order to maintain the completeness and reliability of evidence for later forensic procedures and intrusion detection, the study applies concepts of steganography to log forensics, so that even records altered by an intrusion are kept as well. Compared to traditional security strategies, this study proposes a better logging mechanism to ensure the completeness of logs. Furthermore, the study will assist in intrusion detection through alteration behavior, and help in forensic operations.