A Study on Network Forensics Information in Automated Computer Emergency Response System

Definition of Network Forensics Information in an Automated Computer Emergency Response System

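  • 박종성 (Graduate School of Information Security, Korea University) ;
  • 최운호 (Financial ISAC Information Security Technology, Korea Financial Telecommunications and Clearings Institute) ;
  • 문종섭 (College of Information Security, Korea University) ;
  • 손태식 (Graduate School of Information Security, Korea University)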
  • Published : 2004.08.01

Abstract

Until now, the study of computer forensics has focused only on system forensics, which concerns collecting, processing and keeping the evidence remaining on a computer. Recently, forensic research has been moving toward network forensics, which analyzes information collected across the entire network instead of analyzing only the evidence on a victim computer. Network forensics is particularly important in an Automated Computer Emergency Response System, because the system deals with intrusion evidence from the entire network. In this paper we defined the network forensics information that has to be collected in an Automated Computer Emergency Response System and verified the defined information by comparing it with the information collected in experimental environments.

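Research on forensics has so far leaned toward system forensics, which collects, processes and preserves the traces left on a victim computer. Recently, there has been active research on network forensics, which seeks to obtain and analyze intrusion-related information from the entire network to which the computer system belongs, rather than simply analyzing the traces left on the victim computer. In particular, network forensics can be said to be of great importance in an automated computer emergency response system, because such a system must deal with intrusion traces across the entire network. This paper defines the information that should be collected as network forensics information in an automated computer emergency response system and confirms the defined information through a hypothetical intrusion incident scenario.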
