Skip to Main content Skip to Navigation
Conference papers

An Investigative Framework for Incident Analysis

Abstract : A computer incident occurs in a larger context than just a computer network. Because of this, investigators need a holistic forensic framework to analyze incidents in their entire context. This paper presents a framework that organizes incidents into social, logical and physical levels in order to analyze them in their entirety (including the human and physical factors) rather than from a purely technical viewpoint. The framework applies the six investigative questions – who, what, why, when, where and how – to the individual stages of an incident as well as to the entire incident. The utility of the framework is demonstrated using an insider threat case study, which shows where the evidence may be found in order to conduct a successful investigation.
Document type :
Conference papers
Complete list of metadata

Cited literature [15 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Thursday, July 27, 2017 - 8:22:31 AM
Last modification on : Thursday, March 5, 2020 - 4:46:42 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Clive Blackwell. An Investigative Framework for Incident Analysis. 7th Digital Forensics (DF), Jan 2011, Orlando, FL, United States. pp.23-34, ⟨10.1007/978-3-642-24212-0_2⟩. ⟨hal-01569558⟩



Record views


Files downloads