http://dx.doi.org/10.3745/KTCCS.2016.5.4.95

Digital Forensic Indicators of Compromise Format (DFIOC) and Its Application

Lee, Min Wook (Department of Information Security, Korea University)
Yoon, Jong Seong (Department of Information Security, Korea University)
Lee, Sang Jin (Korea University)
Publication Information
KIPS Transactions on Computer and Communication Systems, Vol. 5, No. 4, 2016, pp. 95-102
Abstract
Computer security incidents such as confidential information leaks and data destruction are constantly growing and threaten the information held in digital devices. To respond to such incidents, digital forensic techniques are also developing to support digital incident investigation. With the development of digital forensic technology, a variety of forensic artifacts has been developed to trace the behavior of users, and a diversity of forensic tools has been developed to extract information from those artifacts. However, the information produced by forensic tools comes in each tool's own form. To solve this problem, the data must be processed as it is output from the forensic tools, and the processed data must then be compared and analyzed to identify how the data are related to each other and to interpret the implications. This calls for an effective method of storing and outputting data in the course of data processing. This paper proposes DFIOC (Digital Forensic Indicators Of Compromise), a format capable of transcribing a variety of forensic artifact information effectively during incident analysis and response. DFIOC, which is an XML-based format, provides "Evidence" to represent the various forensic artifacts in an incident investigation. Furthermore, it provides "Forensic Analysis" to report forensic analysis results and "Indicator" to investigate the traces of an incident quickly. By logging data into one sheet in the DFIOC format throughout the forensic analysis process, unnecessary data processing can be avoided. Lastly, since the collected information is recorded in a normalized format, data input and output become much easier, and the format is convenient for identifying collected information and analyzing data relationships.
Keywords
Incident Response; Digital Forensic; Forensic Artifacts Collecting Format; Indicator of Compromise (IOC)