Detecting data theft using stochastic forensics
Similar resources
Detecting data theft using stochastic forensics
We present a method to examine a filesystem and determine if and when files were copied from it. We develop this method by stochastically modeling filesystem behavior under both routine activity and copying, and identifying emergent patterns in MAC timestamps unique to copying. These patterns are detectable even months afterwards. We have successfully used this method to investigate data exfilt...
Windows Registry Forensics: An Imperative Step in Tracking Data Theft via USB Devices
Owing to the increasing pace of occurrence of crimes in digital world, cyber forensic investigation is becoming a burning topic in the field of information security. Registry is an important location in Windows system that contains footprints of user activities and other configuration data, which may be valuable for forensic investigators in collecting potential evidences from the system. This ...
Java Birthmarks - Detecting the Software Theft -
To detect the theft of Java class files efficiently, we propose a concept of Java birthmarks, which are unique and native characteristics of every class file. For a pair of class files p and q, if q has the same birthmark as p’s, q is suspected as a copy of p. Ideally, the birthmarks should satisfy the following properties: (a) preservation – the birthmarks should be preserved even if the origi...
Detecting Concept Drift in Data Stream Using Semi-Supervised Classification
Data stream is a sequence of data generated from various information sources at a high speed and high volume. Classifying data streams faces the three challenges of unlimited length, online processing, and concept drift. In related research, to meet the challenge of unlimited stream length, commonly the stream is divided into fixed size windows or gradual forgetting is used. Concept drift refer...
Detecting Objective-C Malware through Memory Forensics
Memory forensics is increasingly used to detect and analyze sophisticated malware. In the last decade, major advances in memory forensics have made analysis of kernel-level malware straightforward. Kernel-level malware has been favored by attackers because it essentially provides complete control over a machine. This has changed recently as operating systems vendors now routinely enforce drivi...
Journal
Journal title: Digital Investigation
Year: 2011
ISSN: 1742-2876
DOI: 10.1016/j.diin.2011.05.009