Forensic Evidence Identification and Modeling for Attacks against a Simulated Online Business Information System
2012
Forensic readiness can support future forensic investigation or auditing of external/internal attacks, internal sabotage and espionage, and business fraud. To establish forensic readiness, it is essential for an organization to identify what evidence is relevant and where it can be found, and to determine whether it is logged in a forensically sound way and whether all the evidence needed to reconstruct the events successfully is available. The goal of this research is to ensure evidence availability. First, both external and internal attacks are modeled as augmented attack trees/graphs based on the system vulnerabilities. Second, the modeled attacks are conducted against a honeynet simulating an online business information system, and each honeypot's hard drive is imaged in a forensically sound manner for each individual attack. Third, an evidence tree/graph will be built after forensic examination of the disk images for each attack. The evidence trees/graphs are expected to be used for automatic crime scene reconstruction and automatic attack/fraud detection in the future.
Reference Key | tu2012forensicjournal |
---|---|
Authors | Tu, Manghui |
Journal | Journal of Digital Forensics, Security and Law |
Year | 2012 |
Keywords | social sciences (general); social sciences; social pathology. social and public welfare. criminology; law; political science; criminal law and procedure; special aspects of education; political science (general); history (general); law in general. comparative and uniform law. jurisprudence; demography. population. vital events; modern history, 1453-; international relations |