Englbrecht, Ludwig ; Langner, Gregor ; Pernul, Günther ; Quirchmayr, Gerald

Enhancing credibility of digital evidence through provenance-based incident response handling

Englbrecht, Ludwig, Langner, Gregor, Pernul, Günther and Quirchmayr, Gerald (2019) 26. Enhancing credibility of digital evidence through provenance-based incident response handling. In: ARES '19 Proceedings of the 14th International Conference on Availability, Reliability and Security. ACM, New York, NY, USA. ISBN 978-1-4503-7164-3.

Publication date of this full text: 13 Aug 2019 12:50
Book chapter
DOI for citing this document: 10.5283/epub.40660


Abstract

Digital forensics is becoming increasingly important for the investigation of computer-related crimes, white-collar crimes and massive hacker attacks. After an incident has been detected, an appropriate incident response is usually initiated with the aim of mitigating the attack and ensuring the recovery of the IT systems. Digital forensics pursues the goal of acquiring evidence that will stand up in court for sentencing, and this sometimes conflicts with the objectives of incident response approaches. The concept presented here provides a solution to strengthen the credibility of digital evidence during actions related to incident response. It adapts an approach for data provenance to accurately track the transformation of digital evidence. For this purpose, the affected system and the incident response systems are equipped with a whole-system data provenance capturing mechanism, and data provenance is then captured simultaneously during an incident response. Context information about the incident response is also documented. An adapted algorithm for sub-graph detection is used to identify similarities between two provenance graphs. By applying the proposed concept to a use case, the advantages are demonstrated and possibilities for further development are presented.



Details

Document type: Book chapter
ISBN: 978-1-4503-7164-3
Book title: ARES '19 Proceedings of the 14th International Conference on Availability, Reliability and Security
Publisher: ACM
Place of publication: New York, NY, USA
Number of the journal issue or chapter: 26
Date: 26 August 2019
Additional information (public): Canterbury, CA, United Kingdom — August 26 - 29, 2019
Institutions:
  Wirtschaftswissenschaften > Institut für Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul)
  Informatik und Data Science > Fachbereich Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik I - Informationssysteme (Prof. Dr. Günther Pernul)
Identification number (value, type): 10.1145/3339252.3339275, DOI
Related URLs (URL, URL type): https://dl.acm.org/citation.cfm?id=3339275, Publisher
Keywords: Incident Response, Digital Forensics, Digital evidence credibility, Data Provenance, Cyber Security, Evidence collection
Dewey Decimal Classification: 000 Computer science, information science, general works > 050 Journals, serial publications
Status: Published
Refereed: Yes, this version has been refereed
Created at the University of Regensburg: Yes
URN of the UB Regensburg: urn:nbn:de:bvb:355-epub-406601
Document ID: 40660
