Embedding forensic capabilities into networks: Addressing inefficiencies in digital forensics investigations

Proceedings of the 2006 IEEE Workshop on Information Assurance

Volumn 2006, Issue , 2006, Pages 133-139

  Endicott Popovsky, Barbara E ^b   Frincke, Deborah A ^a,c  

^a IEEE   (United States)

^b UNIVERSITY OF WASHINGTON   (United States)

^c PACIFIC NORTHWEST NATIONAL LABORATORY   (United States)

Author keywords

Digital forensics; Life cycle; Network forensics; Networks

Indexed keywords

DIGITAL FORENSICS; NETWORK FORENSICS;

COMPUTATIONAL METHODS; COMPUTER NETWORKS; DATA REDUCTION; LIFE CYCLE;

PROGRAM DIAGNOSTICS;

EID: 33846017674     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (42)

1. Rowlinson, R. Ten Steps to Forensic Readiness, International Journal of Digital Evidence, Winter 2004, Volume 2, Issue 3.
2. Tan, J. (2001). Forensic Readiness, Cambridge, MA: @Stake.
3. D. Dittrich and Endicott-Popovsky, B.E. (Fall, 2003). INFO498 Introduction to Computer Security Incident Response, University of Washington, Seattle, WA.
4. Dittrich, D. Basic Steps in Forensic Analysis of Unix Systems. Retrieved October 28, 2004 from the World Wide Web http://staff.washington. edu/dittrich/misc/forensics/
5. [4a] CSI/FBI. (2005) CSI/FBI Computer Crime and Security Survey, Computer Security Institute, San Francisco, CA.
6. Endicott-Popovsky, B.E., Ryan, D., Frincke, D. (2005, September). The New Zealand Hacker Case: A Post Mortem, in Proceedings of the Safety and Security in a Networked World: Balancing Cyber-Rights & Responsibilities Conference at the Oxford Internet Institute, The University of Oxford, Oxford, England. Retrieved September 9, 2005 from the World Wide Web: http://www.oii.ox.ac.uk/research/cybersafety/?view=papers.
7. Dittrich, D. Developing an Effective Incident Cost Analysis Mechanism, Security Focus, June 12, 2002. Retrieved August 14, 2005 from the World Wide Web: http://online.securityfocus.com/infocus/1592
8. Endicott-Popovsky, B.E., (Spring '02) Lectures and Assignments: CSSE591 Computer Forensics: Seattle University, Seattle, WA.
9. th ed.) New York: McGraw-Hill.
10. Honeynet Project. (2001). Know Your Enemy II. Tracking the Blackhat's Moves. Retrieved August 04, 2005, from the World Wide Web: http://project.honeynet.org/papers/enemy2/index.html
11. Honeynet Project. (2000). Know Your Enemy III: They Gain Root. Retrieved August 04, 2005, from the World Wide Web: http://project.honeynet. org/papers/enemy3/index.html
12. Barton, C. Hacker Destroys 4500 Web Sites, New Zealand Herald, November 19, 1998. Retrieved August 13, 2005 from the World Wide Web: http://www.landfield.com/isn/mail-archive/1998/Nov/0098.html
13. Wall, T. Associates Denounce Website Hacker, New Zealand Herald, November 23, 1998. Retrieved August 13, 2005 from the World Wide Web: http://www.landfield.com/isn/mail-archive/1998/Nov/0098.html
14. Armstrong, D. Chch Fraud Squad out to Nail Hackers, The (New Zealand) Press, December 01, 1998. Retrieved August 13, 2005 from the World Wide Web: http://www.press.co.nz/48/981201c7.htm
15. Walden, I. Discussions. September 9, 2005 Safety and Security in a Networked World: Balancing Cyber-Rights & Responsibilities Conference at the Oxford Internet Institute, The University of Oxford, Oxford, England.
16. Attfield, P., Real-World Access Control Systematic Failures: Reality or Virtual Reality, in Journal Article Workshop, June '05, Ukraine.
17. Schuler, M and P. Attfield. (April 18, 2002). Seattle FBI Briefing: Operation Flyhook, Boeing Security Forum, Seattle, WA.
18. Koerner, B. From Russia with Lopht. Legal Affairs, May 1, 2002. Retrieved August 7, 2005 from the World Wide Web: http://www. newamerica.net/index.cfm?pg=article&DocID=792
19. United States. Department of Justice. Court proceedings and public-record trial exhibits, United States v. Vasily Gorshkov. Seattle, WA, September 2001.
20. United States. Department of Justice. Press Release: Russian Hacker Sentenced. Newark, NJ, July 25, 2003. Retrieved August 7, 2005 from the World Wide Web: http://www.usdoj.gov/criminal/cybercrime/ivanovSent_NJ.htm
21. Endicott-Popovsky, B.E., Frincke, D. Redefining Computer Security to Include Forensics, Poster session, 8th Annual Recent Advances in Intrusion Detection (RAID) Conference 7-9 September 2005, Seattle, WA.
22. Simon, M. Seminar in Data Security. Preston Gates: Seattle, WA, March 2, 2005.
23. Ellison, R.J., Mead, N.R., Longstaff, T.A. and R.C. Linger. (No Date) The Survivability Imperative: Protecting Critical Systems. Software Engineering Institute, Carnegie-Mellon University, Pittsburgh, PA. Retrieved October 10, 2003 from the World Wide Web: http://www.cert.org
24. CERT Coordination Center. (no date). The Survivable Network Analysis Method: Assessing Survivability of Critical Systems. Presentation: Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA. Retrieved October 10, 2003 from the World Wide Web: http://www.cert.org
25. Ellison, R.J., Fisher, D.A., Linger, R.C., Lipson, H.F., Longstaff, T.A. and. N.R. Mead. (May, 1999). Survivable Network Systems: An Emerging Discipline. CMU/SEI 97-TR-013, Software Engineering Institute, Camegie-Mellon University, Pittsburgh, PA.
26. Endicott-Popovsky, B.E., Frincke, D, Adding the Fourth "R", in Proceedings of the 5th Annual IEEE Information Assurance Workshop, June '04, USMA, West Point.
27. Endicott-Popovsky, B.E., Frincke, D. (2006, January 4). Adding the Fourth 'R': A Systems Approach to Solving the Hacker's Arms Race. Hawaii International Conference on System Sciences (HICSS) 39 Symposium: Skilled Human-intelligent Agent Performance: Measurement, Application and Symbiosis, Kauai, HI, Retrieved January 4, 2006 from the World Wide Web: http://www.itl.nist.gov/iaui/vvrg/hicss39/.
28. Sommers, P. (2002, September). Emerging Problems on Digital Evidence. Presentation given at the Computer Forensics Workshop, University of Idaho, Moscow, ID.
29. Orton, I. (2002, October 24). Coordinating with Law Enforcement on Security Issues. Presentation given at Computer Security and Cybercrime II: Legal Risks and Responsibilities in a Dangerous World Workshop, King County Bar Association, Seattle, WA.
30. th Colloquium. Washington, D.C.
31. th IEEE International Conference on Distributed Computing Systems Workshops Columbus, Ohio, June 2005.
32. th Annual Colloquium June 2004, USMA, West Point.
33. Endicott-Popovsky, B.E., Frincke, D., Dittrich, D., et.al. The Manuka Project, in Proceedings from the Fifth IEEE Systems, Man and Cybernetics Information Assurance Workshop 10-11 June 2004, United States Military Academy, West Point, NY, pp.314-320.
34. Yasinsac, A. and Manzano, Y. (2001) Policies to Enhance Computer and Network Forensics. Proceedings of the 2001 IEEE Workshop on Information Assurance and Security. United States Military Academy, West Point, NY, June 2001.
35. Wolfe-Wilson, J. and Wolfe, H.B. (2003) Management Strategies for Implementing Forensic Security Measures [electronic version]. Information Security Technical Report Volume 8, Issue 2, June 2003, pp.55-64.
36. Carrier, B. and Spafford, E. Getting Physical with the Digital Investigation Process, International Journal of Digital Evidence, vol. 2, 2 [Electronic version] Fall 2003.
37. McCumber, J. (2005). Assessing and Managing Security Risk in IT Systems: A Structured Methodology. New York: Auerbach Publications.
38. Pollit, M. Personal Interview in Syracuse, New York. (July 12, 2005).
39. Grance, T., Hash, J. and Stevens M. (2004). Security Considerations in the Information System Development Life Cycle. U.S. Department of Commerce, NIST Special Publication 800-64.
40. Bailey, K., Winn, J. Personal Interviews, March 31, 2006
41. Mocas, S., (2004). Building Theoretical Underpinnings for Digital Forensics Research, Compsec Online: Digital Investigations. Vol. 1, Issue 1.
42. Rogers, M. and K. Siegfried. (2003). The Future of Computer Forensics: A Needs Survey, CERIAS Tech Report 2003-30, Purdue University, Layfayette, IN.