An Investigative Framework for Incident Analysis - Archive ouverte HAL Access content directly
Conference Papers Year : 2011

An Investigative Framework for Incident Analysis

(1)
1

Abstract

A computer incident occurs in a larger context than just a computer network. Because of this, investigators need a holistic forensic framework to analyze incidents in their entire context. This paper presents a framework that organizes incidents into social, logical and physical levels in order to analyze them in their entirety (including the human and physical factors) rather than from a purely technical viewpoint. The framework applies the six investigative questions – who, what, why, when, where and how – to the individual stages of an incident as well as to the entire incident. The utility of the framework is demonstrated using an insider threat case study, which shows where the evidence may be found in order to conduct a successful investigation.
Fichier principal
Vignette du fichier
978-3-642-24212-0_2_Chapter.pdf (273.04 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-01569558 , version 1 (27-07-2017)

Licence

Attribution - CC BY 4.0

Identifiers

Cite

Clive Blackwell. An Investigative Framework for Incident Analysis. 7th Digital Forensics (DF), Jan 2011, Orlando, FL, United States. pp.23-34, ⟨10.1007/978-3-642-24212-0_2⟩. ⟨hal-01569558⟩
86 View
81 Download

Altmetric

Share

Gmail Facebook Twitter LinkedIn More