Process Forensics: A Pilot Study on the Use of Checkpointing Technology in Computer Forensics

Authors: Joseph N. Wilson, Mark Foster

Keywords: Network forensics, Address space, Load balancing (computing), Computer science, File system, Fault tolerance, Digital evidence, Process migration, Computer forensics, Computer security

Abstract: The goal of this paper is to introduce a new area of computer forensics: process forensics. Process forensics involves extracting information from a process’s address space for the purpose of finding digital evidence pertaining to a crime. The challenge of this sub-field is that the address space of a given process is usually lost long before the forensic investigator is analyzing the hard disk and file system of the computer. Therefore, the authors make the case that an accurate and reliable checkpointing tool could create a new source of evidence for the investigator. Checkpointing technology is nothing new when considering process migration, fault tolerance, or load balancing. However, with respect to computer forensics, the gains have yet to be explored.

References (7)
Nong Ye, A Markov Chain Model of Temporal Behavior for Anomaly Detection. Information Assurance and Security (2000)
Gary L. Palmer, Forensic Analysis in the Digital World. International Journal of Digital Evidence, vol. 1 (2002)
Peter Stephenson, Investigating Computer-Related Crime (1999)
Mark Foster, Joseph N. Wilson, Shigang Chen, Using Greedy Hamiltonian Call paths to detect stack smashing attacks. International Conference on Information Security, pp. 183-194 (2004), 10.1007/978-3-540-30144-8_16
Yihua Liao, V. Rao Vemuri, Using Text Categorization Techniques for Intrusion Detection. USENIX Security Symposium, pp. 51-59 (2002)
Peter Sommer, Intrusion detection systems as evidence. Computer Networks, vol. 31, pp. 2477-2487 (1999), 10.1016/S1389-1286(99)00113-9