An Investigative Framework for Incident Analysis
Abstract
A computer incident occurs in a larger context than just a computer network. Because of this, investigators need a holistic forensic framework to analyze incidents in their entire context. This paper presents a framework that organizes incidents into social, logical and physical levels in order to analyze them in their entirety (including the human and physical factors) rather than from a purely technical viewpoint. The framework applies the six investigative questions – who, what, why, when, where and how – to the individual stages of an incident as well as to the entire incident. The utility of the framework is demonstrated using an insider threat case study, which shows where the evidence may be found in order to conduct a successful investigation.
Publication date: 2011