Distributed forensics and incident response in the enterprise

Digital Investigation

Volumn 8, Issue SUPPL., 2011, Pages

  Cohen, M I ^a   Bilby, D ^a   Caronni, G ^a  

^a GOOGLE   (Switzerland)

Author keywords

Digital forensics; Distributed computing; Incident response; Information security; Live forensics; Malware; Memory forensics; Remote forensics

Indexed keywords

DISTRIBUTED COMPUTER SYSTEMS; MALWARE; MEMORY ARCHITECTURE; SECURITY OF DATA;

FORENSIC ANALYSIS; FORENSIC INVESTIGATION; INCIDENT RESPONSE; LIVE FORENSICS; MEMORY FORENSICS; OPEN SOURCE TOOLS; RAPID RESPONSE; REMOTE FORENSICS;

DIGITAL FORENSICS;

EID: 79961049729     PISSN: 17422876     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.diin.2011.05.012     Document Type: Conference Paper

References (32)

1. C. Bell, M. Kindahl, and L. Thalmann MySQL High Availability: tools for robust data Centers 2010 Oreilly & Associates Inc
2. B. Carrier, and E. Spafford Getting physical with the digital investigation process International Journal of Digital Evidence 2 2 2003 1 20 http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.76.757
3. B. Carrier The Sleuth Kit 2011 http://www.sleuthkit.org/
4. E. Casey, and A. Stanley Tool review-remote forensic preservation and examination tools Digital Investigation 1 4 2004 284 297 http://citeseerx.ist. psu.edu/viewdoc/download?doi=10.1.1.83.6733
5. M. Cohen, and B. Schatz Hash based disk imaging using AFF4 Digital Investigation 7 2010 S121 S128
6. M. Cohen, S. Garfinkel, and B. Schatz Extending the advanced forensic format to accommodate multiple data sources, logical evidence, arbitrary information and forensic workflow Digital Investigation 6 2009 S57 S68
7. M. Cohen Hooking IO calls for multi-format image support 2005 http://www.sleuthkit.org/informer/sleuthkit-informer-19.txt
8. S. Garfinkel Digital forensics research: the next 10 years Digital Investigation 7 2010 S64 S73 http://www.dfrws.org/2010/proceedings/2010-308.pdf
9. Guidance Software, Inc. EnCase enterprise 2011 http://www. guidancesoftware.com/computer-forensics-fraud-investigation-software.htm
10. E. Kenneally, and C. Brown Risk sensitive digital evidence collection Digital Investigation 2 2 2005 101 119 (Pubitemid 40752688)
11. E. Kenneally Confluence of digital evidence and the law: on the forensic Soundness of live-remote digital evidence collection UCLA Journal of Law and Technology 5 2005 http://www.lawtechjournal.com/articles/2005/05/-051201/- Kenneally.pdf
12. E. Kim The new electronic discovery rules: a place for employee privacy? The Yale Law Journal 115 6 2006 1481 1490
13. J. Kornblum Implementing bitlocker drive encryption for forensic analysis Journal of Digital Investigation 5 3-4 2009 75 84
14. G. Lasprogata, N. King, and S. Pillay Regulation of electronic employee monitoring: identifying fundamental principles of employee privacy through a comparative study of data privacy legislation in the European Union, United States and Canada Stanford Technology Law Review 4 2004 24
15. MANDIANT MANDIANT Memoryze 2011 http://www.mandiant.com/products/free- software/memoryze/
16. F. Manola, E. Miller, and B. McBride RDF primer. W3C recommendation 10 2004
17. S. Mccreight, D. Weber, and M. Garrett Patent: Enterprise computer investigation system September 2004 http://www.freepatentsonline.com/6792545. html
18. Microsoft Corporation Computer online forensic evidence Extractor (COFEE) 2011 http://www.microsoft.com/industry/government/solutions/cofee/default.aspx
19. T.D. Morgan RegLookup 2011 http://code.google.com/p/reglookup/
20. T. Newsham, C. Palmer, A. Stamos, and J. Burns Breaking forensics software: Weaknesses in critical evidence collection Proceedings of the 2007 Black Hat Conference 2007 https://www.isecpartners.com/files/iSEC-Breaking/- Forensics/-Software-Paper.v1/-1.BH2007.pdf
21. C. Peron, and M. Legary Digital anti-forensics: emerging trends in data transformation techniques Proceedings of 2005 E-Crime and computer evidence Conference 2005
22. M. Rogers, J. Goldman, R. Mislan, T. Wedge, and S. Debrota Computer forensics field triage process model Proceeding of the Conference on digital forensics security and law, pp. Citeseer 2006 27 40
23. R. Rowlingson A ten step process for forensic readiness International Journal of Digital Evidence 2 3 2004 1 28 http://citeseerx.ist.psu.edu/viewdoc/ download?doi=10.1.1.65.6706
24. B. Schatz, and M. Cohen Refining evidence containers for Provenance and accurate data Representation Advances in Digital Forensics VI 2010 227 242
25. Scientific Working Group on Digital Evidence SWGDE best practices for computer forensics v2.1 2006 http://www.swgde.org/documents/current-documents/ 2006-07-19%20SWGDE%20Best%20Practices%20for%20Computer%20Forensics%20v2.1.pdf
26. M. Suiche MoonSols Windows memory Toolkit 2011 http://www.moonsols.com/ windows-memory-toolkit/
27. P. Turner Selective and intelligent imaging using digital evidence bags Journal of Digital Investigation 3 2006 59 64 https://www.dfrws.org/2006/ proceedings/8-Turner.pdf (Pubitemid 44066905)
28. Various OpenSSH 2011 http://www.openssh.com/
29. Various Python programming language Official Website 2011 http://www.python.org/
30. J. Viega Building secure software: how to avoid security problems the right way 2002 Addison-Wesley Reading MA
31. A. Walters, and N. Petroni Jr. Volatools: Integrating volatile memory forensics into the digital investigation process. Black Hat DC 2007 2007 http://www.blackhat.com/presentations/bh-dc-07/Walters/Paper/ bh-dc-07-Walters-WP.pdf
32. A. Walters, B. Dolan-Gavitt, and Various Volatility - An advanced memory forensics framework 2011 http://code.google.com/p/volatility/