http://dx.doi.org/10.13089/JKIISC.2014.24.3.523

Build a Digital Evidence Map considered Log-Chain

Park, Hojin (Digital Forensic Research Center, Korea University)
Lee, Sangjin (Digital Forensic Research Center, Korea University)
Abstract
Too much time is spent tracing the route of an incident when a computer security incident occurs. While time is lost to hesitation, critical clues are lost as well, so the incident often recurs and the damage spreads. This paper proposes building a Digital Evidence Map (DEM) in order to find the cause of an incident quickly and accurately. The DEM consists of the log chain, a mesh of relationships between machine data. The DEM must be maintained continuously, because the log chain is vulnerable to various external factors. Becoming familiar with the DEM before an incident helps handle the incident quickly and cost-effectively, so that recurrence can be prevented by removing its root cause. Because the DEM adopts artifacts in data as well as logs, it also enables an effective response to APT attacks and anti-forensics.
Keywords
incident response forensic; evidence map; log chain; Windows artifacts