Palantir: A framework for collaborative incident response and investigation

ACM International Conference Proceeding Series

Volumn Part F128834, Issue , 2009, Pages 38-51

  Khurana, Himanshu ^a   Basney, Jim ^a   Bakht, Mehedi ^a   Freemon, Mike ^a   Welch, Von ^a   Butler, Randy ^a  

^a UNIVERSITY OF ILLINOIS AT URBANA CHAMPAIGN   (United States)

Author keywords

Digital investigation; Incident response; Multi site collaboration

Indexed keywords

COMPUTER APPLICATIONS; COMPUTER PROGRAMMING;

CYBER INFRASTRUCTURES; DIGITAL INVESTIGATION; DISTRIBUTED ATTACK; INCIDENT RESPONSE; INVESTIGATION PROCESS; MULTI-SITE; MULTIPLE ORGANIZATIONS; TECHNOLOGICAL CAPABILITY;

RESPONSE TIME (COMPUTER SYSTEMS);

EID: 85016936853     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1527017.1527023     Document Type: Conference Paper

References (36)

1. Cyber Storm Exercise Report. National Cyber Security Division, U.S. Department of Homeland Security, September, 2006, 2006.
2. T. Ahmed and A. R. Tripathi. Specification and verification of security requirements in a programming model for decentralized cscw systems. ACM Trans. Inf. Syst. Secur., 10(2):7, 2007.
3. C. Alberts, A. Dorofee, G. Killcrece, R. Ruefle, and M. Zajicek. Defining Incident Management Processes for CSIRTs: A Work in Progress. Technical Report CMU/SEI-2004-TR-015, Software Engineering Institute, Carnegie Mellon University, 2004.
4. P. Bajcsy, R. Kooper, L. Marini, B. Minsker, and J. Myers. CyberIntegrator: A Meta-Workflow System Designed for Solving Complex Scientific Problems using Heterogeneous Tools. In Proceedings of the Geoinformatics Conference, May 2006.
5. V. Baryamureeba and F. Tushabe. The Enhanced Digital Investigation Process Model. Process Model Asian Journal of Information Technology, 2006.
6. N. Beebe and J. G. Clark. A hierarchical, objectives-based framework for the digital investigations process. Digital Investigation, 2(2):147-167, 2005.
7. R. Bobba, J. Muggli, M. Pant, J. Basney, and H. Khurana. Usable secure mailing lists with untrusted servers. In Symposium on Identity and Trust on the Internet (IDtrust), 2009.
8. M. J. W. Brown, D. Stikvoort, K. P. Kossakowski, K. P. Kossakowski, G. Killcrece, R. Ruefle, and M. Zajicek. Handbook for Computer Security Incident Response Teams (CSIRTs). CMU/SEI-2003-HB-002, April, 2003, 2003.
9. N. Brownlee and E. Guttman. Expectations for Computer Security Incident Response. IETF RFC 2350, June 1998.
10. Y. D. Cai, D. Clutter, G. Pape, J. Han, M. Welge, and L. Auvil. Maids: mining alarming incidents from data streams. In SIGMOD 04: Proceedings of the 2004 ACM SIGMOD international conference on Management of data, pages 919-920, New York, NY, USA, 2004. ACM Press.
11. B. Carrier and E. H. Spafford. Getting Physical with the Digital Investigation Process. International Journal of Digital Evidence, 2(2), Fall 2003.
12. B. Carrier and E. H. Spafford. An Event-Based Digital Forensic Investigation Framework. In DFWRS04: Proceedings of the 4th Digital Forensics Research Workshop, 2004.
13. S. O. Ciardhúain. An Extended Model of Cybercrime Investigations. International Journal of Digital Evidence, 3(1), Summer 2004.
14. P. T. Devanbu and S. Stubblebine. Software engineering for security: A roadmap. In ICSE 00: Proceedings of the Conference on The Future of Software Engineering, pages 227-239, New York, NY, USA, 2000. ACM Press.
15. B. Fraser. Site Security Handbook. IETF RFC 2196, Sept. 1997.
16. J. Giordano and C. Maciag. Cyber Forensics: A Military Operations Perspective. International Journal of Digital Evidence, 1(2), Summer 2002.
17. T. Grance, K. Kent, and B. Kim. Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-61, January 2004.
18. R. S. C. Ieong. FORZA-Digital forensics investigation framework that incorporate legal issues. Digital Investigation, 3(Supplement-1):29-36, 2006.
19. H. Khurana, J. Heo, and M. Pant. From proxy encryption primitives to a deployable secure-mailing-list solution. In ICICS06: International Conference on Information and Communications Security, pages 260-281, 2006.
20. H. Khurana, A. J. Slagell, and R. Bonilla. SELS: A secure e-mail list service. In ACM Symposium on Applied Computing (SAC), Security Track, pages 306-313, 2005.
21. G. Killcrece, K.-P. Kossakowsk, R. Ruefle, and M. Zajicek. Organizational Models for Computer Security Incident Response Teams (CSIRTs). Technical Report Report: CMU/SEI-2003-HB-001, Carnegie Melon University/Software Engineering Institute, 2003.
22. K. Leune and S. Tesink. Designing and developing an Application for Incident Response Teams. In FIRST06: Forum for Incident Response Teams Conference, Baltimore, MD, USA, June 2006.
23. S. Mitropoulos, D. Patsos, and C. Douligeris. On Incident Handling and Response: A state-of-The-Art approach. Computers & Security, 25(5):351-370, July 2006.
24. G. Palmer. A Road Map for Digital Forensic Research. Technical Report Technical Report DTR-T001-01, Report From the First Digital Forensic Research Workshop (DFRWS), 2001.
25. M. Pollitt. Computer Forensics: An Approach to Evidence in Cyberspace. In Proceedings of the National Information Systems Security Conference, volume 2, pages 487-491, 1995.
26. M. M. Pollitt. An Ad Hoc Review of Digital Forensic Models. In SADFE 07: Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering, pages 43-54, Washington, DC, USA, 2007.
27. C. Prosise, K. Mandia, and M. Pepe. Incident Response and Computer Forensics, Second Edition. McGraw-Hill Osborne Media, 2003.
28. M. Reith, C. Carr, and G. Gunsch. An Examination of Digital Forensic Models. International Journal of Digital Evidence, 1(3), Fall 2002.
29. R. L. Rollason-Reese. Incident handling: An orderly response to unexpected events. In SIGUCCS 03: Proceedings of the 31st annual ACM SIGUCCS conference on User services, pages 97-102. ACM Press, 2003.
30. R. Rowlingson. A Ten Step Process for Forensic Readiness. International Journal of Digital Evidence, 2(3), Winter 2004.
31. G. Ruibin, C. Kai, Y. Tony, and M. Gaertner. Case-Relevance Information Investigation: Binding Computer Intelligence to the Current Computer Forensic Framework. International Journal of Digital Evidence, 4(1), Spring 2005.
32. S. Schechter, J. Jung, W. Stockwell, and C. McLain. Inoculating SSH Against Address Harvesting. In NDSS06: The 13th Annual Network and Distributed System Security Symposium, San Diego, CA, February 2006.
33. A. Slagell, K. Lakkaraju, and K. Luo. FLAIM: A Multi-level Anonymization Framework for Computer and Network Logs. In LISA06: 20th USENIX Large Installation System Administration Conference, Washington, D.C., Dec. 2006.
34. P. Stephenson. Modeling of Post-Incident Root Cause Analysis. International Journal of Digital Evidence, 2(2), Fall 2003.
35. J. Vincent, R. Spier, D. Rolsky, D. Chamberlain, and R. Foley. RT Essentials. OReilly Media, Aug. 2005.
36. X. Yin, W. Yurcik, and A. Slagell. VisFlowCluster-IP: Connectivity-Based Visual Clustering of Network Hosts. In 21st IFIP TC-11 International Information Security Conference (SEC 06), May 2006.