Digital Forensic Reconstruction and the Virtual Security Testbed ViSe

Authors

  • André Årnes
  • Paul Haas
  • Giovanni Vigna
  • Richard A. Kemmerer
Abstract

This paper presents ViSe, a virtual security testbed, and demonstrates how it can be used to efficiently study computer attacks and suspect tools as part of a computer crime reconstruction. Based on a hypothesis of the security incident in question, ViSe is configured with the appropriate operating systems, services, and exploits. Attacks are formulated as event chains and replayed on the testbed. The effects of each event are analyzed in order to support or refute the hypothesis. The purpose of the approach is to facilitate forensic testing of a digital crime using minimal resources. Although a reconstruction can neither prove a hypothesis with absolute certainty, nor exclude the correctness of other hypotheses, a standardized environment, such as ViSe, combined with event reconstruction and testing, can lend credibility to an investigation and can be a great asset in court.


Similar resources

ViSe: The Virtual Security Testbed

Traditional means of testing Intrusion Detection Systems (IDSs) require the creation of isolated physical test networks (testbeds) using machines that must be individually configured for each test. This process becomes cumbersome and resource-intensive when malicious attacks, launched against the pre-configured systems, cause significant harm and require the reinstallation of software before te...


Analyzing registry, log files, and prefetch files in finding digital evidence in graphic design applications

The products of graphic design applications leave behind traces of digital information which can be used during a digital forensic investigation in cases where counterfeit documents have been created. This paper analyzes the digital forensics involved in the creation of counterfeit documents. This is achieved by first recognizing the digital forensic artifacts left behind from the use of graphi...


Towards a Virtualized Sensing Environment

While deploying a sensor network is necessary for proofof-concept experimentation, it is a time-consuming and tedious task that dramatically slows innovation. Treating sensor networks as shared testbeds and integrating them into a federated testbed infrastructure, such as FIRE, GENI, AKARI, or CNGI, enables a broad user community to benefit from time-consuming deployment exercises. In this pape...


FATKit: A framework for the extraction and analysis of digital forensic data from volatile system memory

We present the Forensic Analysis ToolKit (FATKit)–a modular, extensible framework that increases the practical applicability of volatile memory forensic analysis by freeing human analysts from the prohibitively-tedious aspects of low-level data extraction. FATKit allows analysts to focus on higherlevel tasks by providing novel methods for automatically deriving digital object definitions from C...


Modelling Based Approach for Reconstructing Evidence of VoIP Malicious Attacks

Voice over Internet Protocol (VoIP) is a new communication technology that uses internet protocol in providing phone services. VoIP provides various forms of benefits such as low monthly fee and cheaper rate in terms of long distance and international calls. However, VoIP is accompanied with novel security threats. Criminals often take advantages of such security threats and commit illicit acti...




Publication date: 2006