An Investigative Framework for Incident Analysis

Abstract: A computer incident occurs in a larger context than just a computer network. Because of this, investigators need a holistic forensic framework to analyze incidents in their entire context. This paper presents a framework that organizes incidents into social, logical and physical levels in order to analyze them in their entirety (including the human and physical factors) rather than from a purely technical viewpoint. The framework applies the six investigative questions – who, what, why, when, where and how – to the individual stages of an incident as well as to the entire incident. The utility of the framework is demonstrated using an insider threat case study, which shows where the evidence may be found in order to conduct a successful investigation.
Document type:
Conference paper
Gilbert Peterson; Sujeet Shenoi. 7th Digital Forensics (DF), Jan 2011, Orlando, FL, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-361, pp.23-34, 2011, Advances in Digital Forensics VII. 〈10.1007/978-3-642-24212-0_2〉

Cited literature [15 references]

https://hal.inria.fr/hal-01569558
Contributor: Hal Ifip
Submitted on: Thursday, 27 July 2017 - 08:22:31
Last modified on: Friday, 1 December 2017 - 01:16:43

File

978-3-642-24212-0_2_Chapter.pd...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License


Citation

Clive Blackwell. An Investigative Framework for Incident Analysis. Gilbert Peterson; Sujeet Shenoi. 7th Digital Forensics (DF), Jan 2011, Orlando, FL, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-361, pp.23-34, 2011, Advances in Digital Forensics VII. 〈10.1007/978-3-642-24212-0_2〉. 〈hal-01569558〉
