2008
DOI: 10.1016/j.diin.2008.05.008

FACE: Automated digital evidence discovery and correlation

citations
Cited by 85 publications
(47 citation statements)
references
References 8 publications
“…Therefore, forensics investigation on inside activities in healthcare enterprise environment, including incident detection and reconstruction is critically needed (Tu et al, 2012). Current research on inside threat detection and identification (Eberle & Holder, 2009; Moore, Cappelli, & Trzeciak, 2008; Phua, Lee, Smith, & Gayler, 2007) and event reconstruction mechanisms (Case et al, 2008; Tang, & Daniels, 2005; Tu et al, 2012) are limited in real world since they require a comprehensive set of information including social information and explicit dependence knowledge, which are not available in an enterprise environment. Hence, novel mechanisms are critical to identify potential inside activity and reconstruct the inside activity for tracking.…”
Section: Insider Activity Identification and Tracking
Citation type: mentioning
confidence: 99%
“…The second type of analysis performed is anomaly detection. It works by defining parameters for normal activity for a given set of resources [17,18]. This defined normal activity becomes a baseline against which all activity is measured.…”
Section: Bridge Between IDS Outputs and DF Evidence
Citation type: mentioning
confidence: 99%
“…Case et al [43] propose the FACE framework for performing automatic correlations in forensic investigation. However, the framework is structured to only consider static and known relations in data (for example, linking network socket in memory to TCP requests in packet capture) especially when significant case detail is available a priori.…”
Section: Correlation and Corroboration
Citation type: mentioning
confidence: 99%