An Efficient Method of Forensics Evidence Collection at the Time of Infringement Occurrence

Choi Yoon-Ho (School of EECS at Seoul National University), Park Jong-Ho (School of EECS at Seoul National University), Kim Sang-Kon (School of EECS at Seoul National University), Kang Yu (KT), Choe Jin-Gi (KT), Moon Ho-Gun (KT), Rhee Myung-Su (KT), Seo Seung-Woo (School of EECS at Seoul National University)