A Common Process Model for Incident Response and Computer Forensics
Authors
Abstract
Incident Response and Computer Forensics are two areas with similar goals but distinct process models. While in both cases the goal is to investigate computer security incidents and contain their effects, Incident Response focusses more on restoration of normal service and Computer Forensics on the provision of evidence that can be used in a court of law. In this paper we present a common model for both Incident Response and Computer Forensics processes which combines their advantages in a flexible way: it allows for a management-oriented approach in digital investigations while retaining the possibility of a rigorous forensics investigation.
Similar resources
Computer Forensics in the Global Enterprise
The increase in cyber-crime has created the need for security technologies that are always one step ahead of the criminal. Computer forensics and incident response solutions allow a corporation to self-regulate and investigate their infrastructure with a significantly increased level of assurance; identifying the root cause of an incident and verifying the integrity of critical information. Man...
On Incident Handling and Response: A state-of-the-art approach
Incident Response has always been an important aspect of Information Security but it is often overlooked by security administrators. Responding to an incident is not solely a technical issue but has many management, legal, technical and social aspects that are presented in this paper. We propose a detailed management framework along with a complete structured methodology that contains best prac...
VAST: A Unified Platform for Interactive Network Forensics
Network forensics and incident response play a vital role in site operations, but for large networks can pose daunting difficulties to cope with the ever-growing volume of activity and resulting logs. On the one hand, logging sources can generate tens of thousands of events per second, which a system supporting comprehensive forensics must somehow continually ingest. On the other hand, operator...
Fostering incident response and digital forensics research
This article highlights different incident response topics with a focus on digital forensics. The purpose is to identify areas of recent change or areas in need of deeper understanding and exploration, and to foster further research and study in the field.
On A Reference Model of Distributed Cooperative Network, Forensics System
The employment of a patchwork of nonintegrated security products can only provide incomplete coverage, which cannot give the total panorama of the network misuse behavior. Network forensics is a new approach for the incident investigation and emergence response, which also enhances the network security from a different point of view. In this paper, we present the reference model of distributed c...
Journal title:
Volume, issue
Pages -
Publication date: 2007