Browse > Article
http://dx.doi.org/10.13089/JKIISC.2004.14.4.149

A Study on Network Forensics Information in Automated Computer Emergency Response System  

박종성 (고려대학교 정보보호대학원)
최운호 (금융결제원 금융 ISAC 정보보호기술)
문종섭 (고려대학교 정보보호대학)
손태식 (고려대학교 정보보호대학원)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.14, no.4, 2004 , pp. 149-162 More about this Journal
Abstract
Until now the study of computer forensics has been focused only system forensics which carried on keeping, processing and collecting the remained evidence on computer. Recently the trend of forensic study is proceeding about the network forensics which analyze the collected information in entire networks instead of analyzing the evidence on a victim computer. In particular network forensics is more important in Automated Computer Emergency Response System because the system deals with the intrusion evidence of entire networks. In this paper we defined the information of network forensics that have to be collected in Automated Computer Emergency Response System and verified the defined information by comparing with the collected information in experimental environments.
Keywords
Network Forensic; Automated Computer Emergency Response System; ISAC;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Keith J. Jones, 'incident response: Performing Investigations on a Live Host', computer forensic consultant for Foundstone, The Magazine of Usenix & Sage, pp. 26-31. November, 2001
2 최운호, '종합 침해사고 대응시스템의 전체 구성', 금융결제원
3 Vicka Corey, Charles Peterman, Sybil Shearin, Michael S.Greenberg, and James Van Bokkelen, 'Network Forensics Analysis', Sandstorm Enterprises, IEEE Internet Computing Magazine, November 2002
4 Renaud Deraison and Jordan Hrycaj, 'nessus: the free network security scanner', Nessus project, The Magazine of Usenix & Sage, pp. 45-48, November, 2000
5 Eoghan Casey, 'HANDBOOF OF Computer Crime Investigation', ACDEMIC PRESS, 2003
6 한민옥, 국가 사이버테러 대응체계 가동', 디지털타임스, 16, December. 2003
7 Rik Rarrow, 'Correlating Log File Entries', The Ohio State University Incident Response Team, The Magazine of Usenix & Sage, pp. 38-44, November, 2000
8 Henry B. Wolfe, 'Electronic Evidence Gathering'. DEAKIN UNIV. Seventh Australasian Conference on Information Security and Privacy, 2002
9 최운호, '국가 사이버상황실(CyberWaroom) 구축연구', 금융결제원
10 Allan H. Magee, Michael J. Hittel, 'Securing and preserving the scene of an electrical accident', GM Worldwide Facilities Member, Industrial and Commercial Power Systems Technical Conference. IEEE, 2001
11 Kulesh Shanmugasundaram, Nasir Memon, 'ForNet:A Distributed Forensic Network', Polytechnic UNIV, Digital Forensic Research Workshop, 2002
12 Melisa LaBancz, 'Network Forensics', networkSecurity.com, IT Journalist, April, 2002
13 Liu Jiqiang, Han Zhen, Lan Zengwei. 'Secure audit logs server to support computer forensics in criminal nvestigations', Department of Computer Science, Northen Jiaotong University, Proceeding of IEEE TENCON, 2002
14 Brad Powell, forensics lite', Sun Microsystems, The Magazine of Usenix & Sage, pp. 32-42, November, 2001
15 J, Philip Craiger, Alex Nicoll, Eline Burnham, 'An Applied Cource in Network Forensics', Department of Computer Science & Nebraska University Consortium for Information Assurance, Secure and Dependable Systems Workshop, September 23-25, 2002
16 Stephen Northcutt, Mark Cooper, Matt Fearnow, Karen Frederick, 'Intrusion Signatures and Analysis' New Riders, January 2001