Toward models for forensic analysis

Proceedings - SADFE 2007: Second International Workshop on Systematic Approaches to Digital Forensic Engineering

Volumn , Issue , 2007, Pages 3-15

  Peisert, Sean ^a   Bishops, Matt ^b   Karin, Sidney ^a   Marzullo, Keith ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b University of California

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER SYSTEMS; DATA REDUCTION; DATA STRUCTURES; REAL TIME CONTROL;

COMPUTER FORENSICS; FORENSIC MODEL; MULTI-STAGE ATTACK;

AD HOC NETWORKS;

EID: 34548135293     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SADFE.2007.23     Document Type: Conference Paper

References (24)

1. Matt Bishop. A Model of Security Monitoring. In Proceedings of the Fifth Annual Computer Security Applications Conference (ACSAC), pages 46-52, Tucson, AZ, December 1989.
2. Matt Bishop. Vulnerabilities Analysis. In Proceedings of the Second International Workshop on Recent Advances in Intrusion Detection (RAID), pages 125-136, September 1999.
3. Matt Bishop. Computer Security: Art and Science. Addison-Wesley Professional, Boston, MA, 2003.
4. Matt Bishop and Sean Peisert. Your Security Policy is What. Technical Report CSE-2006-20, University of California at Davis, 2006.
5. Mark W. Eichin and Jon A. Rochlis. With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988. In Proceedings of the 1989 IEEE Symposium on Security and Privacy, Oakland, CA, 1989.
6. Dan Farmer and Wietse Venema. The Coroners Toolkit (TCT). http://www.porcupine.org/forensics/tct.html.
7. Dan Farmer and Wietse Venema. Forensic Discovery. Addison Wesley Professional, 2004.
8. Ashvin Goel, Wu-chang Feng, David Maier, Wu-chi Feng, and Jonathan Walpole. Forensix: A Robust, High-Performance Reconstruction System. In Proceedings of the 25th International Conference on Distributed Computing Systems Workshops, pages 155-162, 2005.
9. Andrew H. Gross. Analyzing Computer Intrusions. PhD thesis, University of California, San Diego, Department of Electrical and Computer Engineering, 1997.
10. Samuel T. King and Peter M. Chen. Backtracking Intrusions. ACM Transactions on Computer Systems, 23(1):51-76, February 2005.
11. Samuel T. King, Z. Morley Mao, Dominic G. Lucchetti, and Peter M. Chen. Enriching Intrusion Alerts Through Multi-Host Causality. In Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS), 2005.
12. Gene H. Kim and Eugene H. Spafford. The Design and Implementation of Tripwire: A File System Integrity Checker. In Proceedings of the 1994 ACM Conference on Communications and Computer Security (CCS), November 1994.
13. Benjamin A. Kuperman. A Categorization of Computer Security Monitoring Systems and the Impact on the Design of Audit Sources. PhD thesis, Purdue University, 2004.
14. Sean Peisert, Matt Bishop, Sidney Karin, and Keith Marzullo. Principles-Driven Forensic Analysis. In Proceedings of the 2005 New Security Paradigms Workshop (NSPW), pages 85-93, Lake Arrowhead, CA, October 20-23, 2005.
15. Sean Peisert, Matt Bishop, Sidney Karin, and Keith Marzullo. Analysis of Computer Intrusions Using Sequences of Function Calls. Submitted to IEEE Transactions on Dependable and Secure Computing (TDSC), 2006.
16. Bruce Schneier. Attack Trees: Modeling Security Threats. Dr. Dobb's Journal, 24(12):21-29, December 1999.
17. Fred B. Schneider. Enforceable Security Policies. ACM Transactions on Information and System Security (TISSEC), 3(1):30-50, February 2000.
18. Peter Sommer. Intrusion Detection Systems as Evidence. In Proceedings of the First International Workshop on Recent Advances in Intrusion Detection (RAID), 1998.
19. Peter Stephenson. The Application of Intrusion Detection Systems in a Forensic Environment (extended abstract). In The Third International Workshop on Recent Advances in Intrusion Detection (RAID), 2000.
20. Sun Microsystems, Inc. Auditing in the Solaris™ Operating Environment, February 2001.
21. Srianjani Sitaraman and S. Venkatesan. Forensic Analysis of File System Intrusions using Improved Backtracking. In Proceedings of the Third IEEE International Workshop on Information Assurance, pages 154-163, 2005.
22. Steven J. Templeton and Karl Levitt. A Requires/Provides Model for Computer Attacks. In Proceedings of the 2000 New Security Paradigms Workshop (NSPW), pages 31-38, Ballycotton, County Cork, Ireland, 2000.
23. Wietse Venema. TCP WRAPPER: Network monitoring, access control, and booby traps. In Proceedings of the 3rd USENIX Security Symposium, September 1992.
24. Jingmin Zhou, Mark Heckman, Brennan Reynolds, Adam Carlson, and Matt Bishop. Modelling Network Intrusion Detection Alerts for Correlation. To Appear in A CM Transactions on Information and System Security (TISSEC), 2007.