Open AccessForensic Evidence Identification and Modeling for Attacks against a Simulated Online Business Information System
Author(s) -
Manghui Tu,
Dianxiang Xu,
E. A. Butler,
Amanda Schwartz
Publication year - 2012
Publication title -
the journal of digital forensics, security and law
Language(s) - English
Resource type - Journals
eISSN - 1558-7223
pISSN - 1558-7215
DOI - 10.15394/jdfsl.2012.1134
Subject(s) - computer science , identification (biology) , computer security , fingerprint (computing) , process (computing) , computer forensics , business process , digital forensics , data science , engineering , botany , biology , operating system , compatibility (geochemistry) , chemical engineering
Forensic readiness can support future forensics investigation or auditing on external/internal attacks, internal sabotage and espionage, and business frauds. To establish forensics readiness, it is essential for an organization to identify what evidences are relevant and where they can be found, to determine whether they are logged in a forensic sound way and whether all the needed evidences are available to reconstruct the events successfully. Â Our goal of this research is to ensure evidence availability. First, both external and internal attacks are molded as augmented attack trees/graphs based on the system vulnerabilities. Second, modeled attacks are conducted against a honeynet simulating an online business information system, and each honeypot's hard drive is forensic sound imaged for each individual attack. Third, an evidence tree/graph will be built after forensics examination on the disk images for each attack. The evidence trees/graphs are expected to be used for automatic crime scene reconstruction and automatic attack/fraud detection in the future.
Accelerating Research
Robert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom
Address
John Eccles HouseRobert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom