2009 Fifth International Conference on IT Security Incident Management and IT Forensics

15-17 Sept. 2009

  • [Front cover]

    Publication Year: 2009, Page(s): C1
  • [Title page i]

    Publication Year: 2009, Page(s): i
  • [Title page iii]

    Publication Year: 2009, Page(s): iii
  • [Copyright notice]

    Publication Year: 2009, Page(s): iv
  • Table of contents

    Publication Year: 2009, Page(s): v - vi
  • Preface

    Publication Year: 2009, Page(s): vii
  • Organizing Committee

    Publication Year: 2009, Page(s): viii
  • Sponsors

    Publication Year: 2009, Page(s): ix
  • Workshop: Digital Discovery with Bootable CDs

    Publication Year: 2009, Page(s): x

    Boot-CDs are a flexible and powerful method to assist in the whole forensic process, from live examination to acquisition, searching and recovery. Linux has long been the most popular OS for this purpose, but in some cases Windows-based live-CDs are also useful. In this workshop we present different real-life case scenarios and the corresponding live-boot solution. Since kernel 2.6 Linux is able t...

  • Overcast: Forensic Discovery in Cloud Environments

    Publication Year: 2009, Page(s):3 - 9
    Cited by:  Papers (24)  |  Patents (2)

    While best practices and standards are emerging, supported by advances in research, for forensic investigations in individual computer systems and networks, new challenges are arising, which threaten to more than make up for the ground gained by investigators and researchers. In this paper we review some of the challenges posed by the increasingly common use of highly distributed and complex syste...

  • Experiences with the NoAH Honeynet Testbed to Detect new Internet Worms

    Publication Year: 2009, Page(s):13 - 26
    Cited by:  Papers (3)

    Recently, major advances have been made in the area of honeypot technologies. These include the development of very accurate and reliable detection methods for unknown attacks targeted at memory corruption vulnerabilities and the design of efficient network architectures. These architectures allow monitoring of a large network of IP addresses, applying advanced detection methods for zero-day exploits ...

  • Botnet Statistical Analysis Tool for Limited Resource Computer Emergency Response Team

    Publication Year: 2009, Page(s):27 - 40
    Cited by:  Papers (1)

    Botnets are recognized as one of the fastest growing threats to the Internet, and most users are not aware that they have been victimized. ThaiCERT is one of many computer emergency response teams that have limited resources in terms of budget to monitor and handle this kind of threat. An interim solution for teams with limited resources is to subscribe to the Shadowserver Foundation's mailing list instead of...

  • Semi-autonomous Link Layer Vulnerability Discovery and Mitigation Dissemination

    Publication Year: 2009, Page(s):41 - 53
    Cited by:  Papers (5)

    Risk and vulnerability management is a critical task in maintaining any nontrivial network, but it is made increasingly difficult by the dynamic nature of internetworking, transient connectivity, and the use of virtual machines that are connected intermittently, while both real and virtual hosts may harbor vulnerabilities that must be addressed to protect both the vulnerable host and its environment whe...

  • From the Computer Incident Taxonomy to a Computer Forensic Examination Taxonomy

    Publication Year: 2009, Page(s):54 - 68
    Cited by:  Papers (1)

    Forensic investigations are usually conducted to solve crimes committed using IT systems as perpetrator and/or victim. However, depending on the size of the IT system, nonmalicious incidents can also be investigated using the same methodological and proven techniques. Based upon the principles contained in the well-known computer incident taxonomy, this paper proposes the establishment of a common langu...

  • Fast User Classifying to Establish Forensic Analysis Priorities

    Publication Year: 2009, Page(s):69 - 77
    Cited by:  Papers (4)

    In computer and common crimes, important evidence or clues are increasingly stored on computers' hard disks. The huge and increasing penetration of computers in daily life, together with a considerable increase of storage capacity in mass-market computers, currently poses new challenges to forensic operators. Usually a digital forensic investigator has to spend a lot of time in order to fin...

  • The Forensic Image Generator Generator (Forensig2)

    Publication Year: 2009, Page(s):78 - 93
    Cited by:  Papers (10)

    We describe a system that allows one to produce file system images for training courses in forensic computing. The instructor can "program" certain user behavior (like copying files and deleting them) in a script file, which is then executed by the system using a combination of Python and Qemu. The result is a file system image that can be analysed by students within exercises on forensic compu...

  • Safe-Keeping Digital Evidence with Secure Logging Protocols: State of the Art and Challenges

    Publication Year: 2009, Page(s):94 - 110
    Cited by:  Papers (10)  |  Patents (1)

    While log data are being increasingly used as digital evidence in court, the extent to which existing secure logging protocols used to collect log data fulfill the legal requirements for admissible evidence remains largely unclear. This paper elucidates a subset of the necessary security requirements for digital evidence and extensively surveys the state-of-the-art secure logging protocols, thereby d...

  • Technique to Interrogate an Image of RAM

    Publication Year: 2009, Page(s):111 - 119
    Cited by:  Papers (1)

    Using Mr. Aaron Walters' Python script, nistpe.py, which generates hash values for sections within Microsoft Windows portable executables (PE), I will present a technique allowing industry, academia, law-enforcement, and other government bodies to create custom reference sets that detect sections within a raw bit image of random access memory. The technique identifies PE sections within a raw bit ...

  • An Automated User Transparent Approach to log Web URLs for Forensic Analysis

    Publication Year: 2009, Page(s):120 - 127
    Cited by:  Papers (2)  |  Patents (4)

    This paper presents an automated approach to record Web activity as the user connects to the Internet. It includes monitoring and logging of Web URLs visited by the user. The distinctive features of this approach are a) it starts automatically, b) it is transparent to users, c) it is robust against intentional or unintentional process kill, and d) it is robust against intentional or unintentional co...

  • Self-Forensics Through Case Studies of Small-to-Medium Software Systems

    Publication Year: 2009, Page(s):128 - 141
    Cited by:  Papers (3)

    The notion and definition of self-forensics was introduced by Mokhov to encompass software and hardware capabilities for autonomic and other systems to record their own states, events, and other data encoded in a forensic form suitable for (potentially automated) forensic analysis, evidence modeling and specification, and event reconstruction for various system components. For self-forensics, "sel...

  • Analysis of Download Accelerator Plus (DAP) for Forensic Artefacts

    Publication Year: 2009, Page(s):142 - 152
    Cited by:  Papers (2)

    Download Accelerator Plus (DAP) is one of the most popular download managers due to its free availability, download speed and versatility. This software records download activities across multiple files, which include history, registry, RAM, swap and temporary files. This paper analyzes (a) the log files (with .DAT extension), (b) Windows registry entries, and (c) RAM and swap files from a forensic v...

  • A Comprehensive and Comparative Analysis of the Patching Behavior of Open Source and Closed Source Software Vendors

    Publication Year: 2009, Page(s):153 - 168
    Cited by:  Papers (5)  |  Patents (2)

    While many theoretical arguments against or in favor of open source and closed source software development have been presented, the empirical basis for the assessment of these arguments is still weak. Addressing this research gap, this paper presents a comprehensive empirical investigation of the patching behavior of software vendors/communities of widely deployed open source and closed source software ...

  • Author index

    Publication Year: 2009, Page(s): 169
  • [Publisher's information]

    Publication Year: 2009, Page(s): 170