Publications catalogue - books
Advances in Digital Forensics: IFIP International Conference on Digital Forensics, National Centre for Forensic Science, Orlando, Florida, January 28-January 31, 2007
Philip Craiger; Sujeet Shenoi (eds.)
Conference: 3rd IFIP International Conference on Digital Forensics (DigitalForensics). Orlando, FL, USA. January 28, 2007 - January 31, 2007
Abstract/Description (provided by the publisher)
Not available.
Keywords (provided by the publisher)
Not available.
Availability
Detected institution | Year of publication | Browse | Download | Request
---|---|---|---|---
Not detected | 2007 | SpringerLink | |
Information
Resource type:
books
Print ISBN
978-0-387-73741-6
Electronic ISBN
978-0-387-73742-3
Publisher
Springer Nature
Country of publication
United Kingdom
Publication date
2007
Publication rights information
© International Federation for Information Processing 2007
Subject coverage
Table of contents
Specializing CRISP-DM for Evidence Mining
Jacobus Venter; Alta de Waal; Cornelius Willers
Forensic analysis requires a keen detective mind, but the human mind has neither the ability nor the time to process the millions of bytes on a typical computer hard disk. Digital forensic investigators need powerful tools that can automate many of the analysis tasks that are currently being performed manually.
This paper argues that forensic analysis can greatly benefit from research in knowledge discovery and data mining, which has developed powerful automated techniques for analyzing massive quantities of data to discern novel, potentially useful patterns. We use the term “evidence mining” to refer to the application of these techniques in the analysis phase of digital forensic investigations. This paper presents a novel approach involving the specialization of CRISP-DM, a cross-industry standard process for data mining, to CRISP-EM, an evidence mining methodology designed specifically for digital forensics. In addition to supporting forensic analysis, the CRISP-EM methodology offers a structured approach for defining the research gaps in evidence mining.
IX - Evidence Analysis and Management | Pp. 303-315
Applying The Biba Integrity Model to Evidence Management
Kweku Arthur; Martin Olivier; Hein Venter
This paper describes the design of an integrity-aware Forensic Evidence Management System (FEMS). The well-known Biba integrity model is employed to preserve and reason about the integrity of stored evidence. Casey’s certainty scale provides the integrity classification scheme needed to apply the Biba model. The paper also discusses the benefits of using an integrity-aware system for managing digital evidence.
IX - Evidence Analysis and Management | Pp. 317-327
Investigating Computer Attacks Using Attack Trees
Nayot Poolsapassit; Indrajit Ray
System log files contain valuable evidence pertaining to computer attacks. However, the log files are often massive, and much of the information they contain is not relevant to the investigation. Furthermore, the files almost always have a flat structure, which limits the ability to query them. Thus, digital forensic investigators find it extremely difficult and time-consuming to extract and analyze evidence of attacks from log files. This paper describes an automated attack-tree-based approach for filtering irrelevant information from system log files and conducting systematic investigations of computer attacks.
X - Formal Methods | Pp. 331-343
Attack Patterns: A New Forensic and Design Tool
Eduardo Fernandez; Juan Pelaez; Maria Larrondo-Petrie
A pattern is an encapsulated solution to a problem in a given context that can be used to guide system design and evaluation. Analysis, design and architectural patterns are established formalisms for designing high quality software. Security patterns guide the secure design of systems by providing generic solutions that prevent a variety of attacks. This paper presents an attack pattern, a new type of pattern that is specified from the point of view of an attacker. The pattern describes how an attack is performed, enumerates the security patterns that can be applied to defeat the attack, and describes how to trace the attack once it has occurred. An example involving DoS attacks on VoIP networks is used to demonstrate the value of the formalism to security designers and forensic investigators.
X - Formal Methods | Pp. 345-357