Applying a Stepwise Forensic Approach to Incident Response and Computer Usage Analysis

Lim, Kyung-Soo; Lee, Seungbong; Lee, Sang-Jin

doi:10.1109/csa.2009.5404204

Cited by 5 publications

(6 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The new process model is opted to collect crucial evidence quickly and investigate the cases immediately. The Stepwise Forensic Process Model presents the stepwise and in-situ approach provides incident identification, recovery, analysis [12]. The SFPM suggest a new investigational model for selecting the target and analysing the relevant evidences only.…”

Section: Resultsmentioning

confidence: 99%

“…The composition of Hbase database not only improves the data sharing rate, but also enhances ease for the analysts to perform digital forensic investigations. In [12] Kyung-Soo Lim, Seung Bong Lee and Sangjin Lee have emphasize that we need new process model to collect crucial evidence . The Stepwise Forensic Process Model provides stepwise and in-situ approach for providing incident description, recovery, analysis.…”

Section: Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

A Literature review on Cyber Forensic and its Analysis tools

Kaur¹,

Kaur²,

Khurana³

2016

International Journal of Advanced Research in Computer and Comm

View full text Add to dashboard Cite

With the advancement in cyber area, frequent use of internet and technologies leads to cyber attacks. Digital forensic is opted for acquiring electronic information and investigation of malicious evidence found in system or on network in such a manner that makes it admissible in court. It is also used to recover lost information in a system. The recovered information is used to prosecute a criminal. Number of crimes committed against an internet and malware attacks over the digital devices have increased. Memory analysis has become a critical capability in digital forensics because it provides insight into the system state that should not be represented by traditional media analysis. In this paper, we study the details of cyber forensics and also provide the vital information regarding distinctive tools operate in digital forensic process. It includes forensic analysis of encrypted drives, disk analysis, analysis toolkit, volatile memory analysis, captures and analyzes packets on network.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Literature Reviewmentioning

confidence: 99%

A Literature review on Cyber Forensic and its Analysis tools

Kaur¹,

Kaur²,

Khurana³

2016

International Journal of Advanced Research in Computer and Comm

View full text Add to dashboard Cite

show abstract

“…Lim et al identified that booting and uptime of a computer would be helpful to respond effectively to an information security incident [33]. Sbeyti used several kinds of information to observe user behavior on mobile devices, where power on/off is one such observation information [34].…”

Section: Usage Behaviorsmentioning

confidence: 99%

A Study on Decision-Making Opinion Exploration in Windows-Based Information Security Monitoring Tool Development

Chen

2021

Sustainability

View full text Add to dashboard Cite

In the information era, information security monitoring tools would be helpful for enterprises/organizations to monitor employees’ computer usage behaviors and improve their information security protection. The Windows-based operating systems have the largest market share in the world. Therefore, the study target is the development of a Windows-based information security monitoring tool in this study. We proposed an assessment model for developing an information security tool in this study to explore the significances of functionalities in a Windows-based information security monitoring tool and the decision-makers’ decision opinions. We adopted four steps with four study methods: the literature study method, the Delphi method, the analytic hierarchy process (AHP) method, and the analysis methods related to data-driven decision-making in the proposed model. In Step 1, we studied some literature about information security monitoring, and we discovered 26 functionalities as the decision criteria in this study. In Step 2, using the Delphi method, we confirmed the decision criterion set with potential decision-makers and organized the decision criteria hierarchy. In Step 3, we designed an AHP questionnaire to get the criterion weight vectors from the 12 decision-makers. With the AHP method, this study received the weights of the decision criteria and found that the 16 functionalities among the 26 functionalities should receive their corresponding developing priority in a Windows-based information security monitoring tool. Finally, we used the Pearson correlation coefficient and cosine distance to explore the correlations and similarities among the decision-makers’ decision opinions. This study found the relevance among the decision-makers’ decision opinions in a Windows-based information security monitoring tool developed with the Pearson correlation coefficients/the cosine distances among all pairs of decision-makers’ decision opinions.

show abstract

“…A Stepwise Forensic Approach to Incident Response and Computer Usage was proposed with the integration of two prior models; the Cyber Forensic Field Triage Process Model (CFFTPM) proposed by [7] and the Phased Investigation Methodology for Tracing Computer Usage (PIM) by [8]. CFFTPM formalises a real world investigative approach [9], affirming an onsite/field method that offers results within a short time frame without necessarily moving the suspecting/evidence media to a forensic lab for an exhaustive examination. The model emphasises a basis that; some incidences require swift and timely response, increased delay could imply greater harm to victims or assets, or better still the escape of a suspect.…”

Section: Stepwise Forensic Approachmentioning

confidence: 99%

“…The model emphasises a basis that; some incidences require swift and timely response, increased delay could imply greater harm to victims or assets, or better still the escape of a suspect. The PIM framework on the other hand centres on the selection of investigation targets, narrowing down the response and search to the barest minimum potential targets [9]. This allows for a prompt response to specific cases and affected systems.…”

Section: Stepwise Forensic Approachmentioning

confidence: 99%

A Comparative Assessment of Computer Security Incidence Handling

Ani

Agbanusi²

2014

BJMCS

View full text Add to dashboard Cite

Incidence response and handling has become quite a crucial, indispensible constituent of information technology security management, as it provides an organised way of handling the aftermaths of a security breach. It presents an organisation's reaction to illegitimate and unacceptable exploits on its assets or infrastructure. The goal must be to successfully neutralise the incident, such that damages are significantly reduced with attendant reduction in recovery time and costs. To achieve this, several approaches and methodologies proposed have been reviewed with a view to identifying essential processes. What is needed is referred to as incident capability mingled with collaborations. This defines a shift from response to management of computer security incidents in anointer relationship manner that foster collaboration through the exchange and sharing of incidence management details among several distinct organizations. Key step-up aspects centre on issues of enforcing and assuring trust and privacy. A viable collaborative incident response approach must be able to proffer both proactive and reactive mechanisms that are management-oriented and incorporating all required techniques and procedures.

show abstract

Applying a Stepwise Forensic Approach to Incident Response and Computer Usage Analysis

Cited by 5 publications

References 7 publications

A Literature review on Cyber Forensic and its Analysis tools

A Literature review on Cyber Forensic and its Analysis tools

A Study on Decision-Making Opinion Exploration in Windows-Based Information Security Monitoring Tool Development

A Comparative Assessment of Computer Security Incidence Handling

Contact Info

Product

Resources

About