Resource-Based Event Reconstruction of Digital Crime Scenes

Authors: Yi-Ching Liao, Hanno Langweg

DOI: 10.1109/JISIC.2014.28

Keywords:

Abstract: To ensure that the potential evidence is readily available in an acceptable form when an incident or a crime occurs, we propose a resource-based event reconstruction prototype that corresponds to different phases of the digital forensics framework, and demonstrate its feasibility by assessing the applicability of existing open-source applications to the proposed prototype. The study results show that the proposed prototype can enhance the capability of an organization for collecting, preserving, protecting, and analysing potential evidence regarding system resources as the source of system calls events.

References (27)
Mark Reith, Clint Carr, Gregg H. Gunsch, An Examination of Digital Forensic Models. International Journal of Digital Evidence, vol. 1 (2002)
Robert Rowlingson, A Ten Step Process for Forensic Readiness. International Journal of Digital Evidence, vol. 2 (2004)
Tal Garfinkel, Mendel Rosenblum, Ben Pfaff, Ostia: A Delegating Architecture for Secure System Call Interposition. Network and Distributed System Security Symposium (2004)
Chad Verbowski, Roussi Roussev, Emre Kiciman, Juhan Lee, Shan Lu, Arunvijay Kumar, Yi-Min Wang, Brad Daniels, Flight data recorder: monitoring persistent-state interactions to improve systems management. Operating Systems Design and Implementation, pp. 117-130 (2006). DOI: 10.5555/1298455.1298467
Christopher Hargreaves, Jonathan Patterson, An automated timeline reconstruction approach for digital forensic investigations. Digital Investigation, vol. 9 (2012). DOI: 10.1016/J.DIIN.2012.05.006
B. Plattner, J. Nievergelt, Special Feature: Monitoring Program Execution: A Survey. IEEE Computer, vol. 14, pp. 76-93 (1981). DOI: 10.1109/C-M.1981.220255
Suresh N. Chari, Pau-Chen Cheng, BlueBoX. ACM Transactions on Information and System Security, vol. 6, pp. 173-200 (2003). DOI: 10.1145/762476.762477
Steven J. Templeton, Karl Levitt, A requires/provides model for computer attacks. New Security Paradigms Workshop, pp. 31-38 (2001). DOI: 10.1145/366173.366187
A.P. Kosoresow, S.A. Hofmeyer, Intrusion detection via system call traces. IEEE Software, vol. 14, pp. 35-42 (1997). DOI: 10.1109/52.605929