首页    期刊浏览 2024年12月01日 星期日
登录注册

文章基本信息

  • 标题:Forensic Evidence Identification and Modeling for Attacks against a Simulated Online Business Information System
  • 本地全文:下载
  • 作者:Manghui Tu
  • 期刊名称:Journal of Digital Forensics, Security and Law
  • 印刷版ISSN:1558-7215
  • 电子版ISSN:1558-7223
  • 出版年度:2012
  • 卷号:4
  • 期号:1796
  • 页码:73-98
  • 语种:English
  • 出版社:Association of Digital Forensics, Security and Law
  • 摘要:Forensic readiness can support future forensics investigation or auditing on external/internal attacks, internal sabotage and espionage, and business frauds. To establish forensics readiness, it is essential for an organization to identify what evidences are relevant and where they can be found, to determine whether they are logged in a forensic sound way and whether all the needed evidences are available to reconstruct the events successfully. Our goal of this research is to ensure evidence availability. First, both external and internal attacks are molded as augmented attack trees/graphs based on the system vulnerabilities. Second, modeled attacks are conducted against a honeynet simulating an online business information system, and each honeypot's hard drive is forensic sound imaged for each individual attack. Third, an evidence tree/graph will be built after forensics examination on the disk images for each attack. The evidence trees/graphs are expected to be used for automatic crime scene reconstruction and automatic attack/fraud detection in the future.
国家哲学社会科学文献中心版权所有