A model of forensic analysis using goal-oriented logging

Authors: Sean Philip Peisert, Sidney Karin

Abstract: Forensic analysis is the process of understanding, re-creating, and analyzing arbitrary events that have previously occurred. It seeks to answer such questions as how an intrusion occurred, what the attacker did during the intrusion, and what the effects of the attack were. Currently, the field of computer forensics is largely ad hoc. Data is generally collected because applications log it for debugging purposes or because someone thought it might be important. Practical forensic analysis has traditionally traded off analyzability against the amount of data recorded. Recording less data puts a smaller burden both on the systems and on the humans who analyze them. Not recording enough leaves analysts drawing their conclusions based on inference, rather than deduction. This dissertation presents a model of forensic analysis, called Laocoon, designed to determine the data necessary to understand past events. The model builds upon an earlier model used for intrusion detection, the requires/provides model. We present a set of qualities we believe a good forensic model should possess. Those qualities are in turn influenced by five principles of forensic analysis. We apply Laocoon to examples and present results on a UNIX system. We demonstrate that it can record manageable amounts of highly useful data, without forcing a choice between an overwhelming amount of data and a small, effectively useless one.
