2011 Sixth International Conference on IT Security Incident Management and IT Forensics

10-12 May 2011

  • [Front cover]

    Publication Year: 2011, Page(s): C1
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2011, Page(s): i
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2011, Page(s): iii
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2011, Page(s): iv
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2011, Page(s): v - vi
    Freely Available from IEEE
  • Preface

    Publication Year: 2011, Page(s): vii
    Freely Available from IEEE
  • Committees

    Publication Year: 2011, Page(s): viii - ix
    Freely Available from IEEE
  • Reviewers

    Publication Year: 2011, Page(s): x
    Freely Available from IEEE
  • Keynotes

    Publication Year: 2011, Page(s): xi

    Provides an abstract for each of the keynote presentations and may include a brief professional biography of each
  • Workshops

    Publication Year: 2011, Page(s): xii
    Freely Available from IEEE
  • Sponsors

    Publication Year: 2011, Page(s): xiii - xv
    Freely Available from IEEE
  • Towards Forensic Data Flow Analysis of Business Process Logs

    Publication Year: 2011, Page(s): 3 - 20
    Cited by: Papers (7) | Patents (2)

    This paper presents RecIF, a forensic technique for the analysis of business process logs to detect illegal data flows. RecIF uses propagation graphs to formally capture the data flow within a process execution. Abstracting away from the concrete traces, propagation graphs are analyzed with extensional data flow policies that denote what - instead of how - relevant industrial requirements, e.g. Ch...
  • Security Aspects of Piecewise Hashing in Computer Forensics

    Publication Year: 2011, Page(s): 21 - 36
    Cited by: Papers (9)

    Although hash functions are a well-known method in computer science to map arbitrary large data to bit strings of a fixed length, their use in computer forensics is currently very limited. As of today, in a pre-step process hash values of files are generated and stored in a database, typically a cryptographic hash function like MD5 or SHA-1 is used. Later the investigator computes hash values of f...
  • Computational Documentation of IT Incidents as Support for Forensic Operations

    Publication Year: 2011, Page(s): 37 - 47
    Cited by: Papers (1)

    This paper describes the development and prototypic implementation of a documentation system for IT incidents. A survey was conducted in order to obtain information on the current needs and likes of stakeholders involved in IT security. The outcome of this survey was used to create a documentation approach, based on best practices, which is able to create contexts between information assets over l...
  • Forensics Investigations of Multimedia Data: A Review of the State-of-the-Art

    Publication Year: 2011, Page(s): 48 - 61
    Cited by: Papers (16)

    Digital forensics is one of the cornerstones to investigate criminal activities such as fraud, computer security breaches or the distribution of illegal content. The importance and relevance of this research field attracted various research institutes leading to substantial progress in the area of digital investigations. One essential piece of evidence is multimedia data. For this reason this pap...
  • Design and Implementation of a Documentation Tool for Interactive Commandline Sessions

    Publication Year: 2011, Page(s): 62 - 80

    In digital investigations it is important to document the examination of a computer system with as much detail as possible. Although never designed for digital investigations, many experts use the software script to record their whole terminal session while analyzing a target system. We analyze script's deficiencies and present the design and implementation of forscript (forensic script), a soft...
  • Usability of Forensics Tools: A User Study

    Publication Year: 2011, Page(s): 81 - 91
    Cited by: Papers (8)

    Digital forensics has become a critical part of almost every investigation, and users of digital forensics tools are becoming more diverse in their backgrounds and interests. As a result, usability is an important aspect of these tools. This paper examines the usability aspect of forensics tools through interviews and surveys designed to obtain feedback from professionals using these tools as part...
  • A Common Scheme for Evaluation of Forensic Software

    Publication Year: 2011, Page(s): 92 - 106
    Cited by: Papers (1)

    We introduce a first common evaluation scheme for forensic software. Therefore, we investigate potential attacks on forensic software to derive preliminary attacker models. We use the Federal Rules of Evidence and the Daubert Challenge of the US jurisdiction to investigate the legal fundamentals for forensic software and to show tendencies for other countries. Furthermore, current approaches for t...
  • Integrated Security Incident Management -- Concepts and Real-World Experiences

    Publication Year: 2011, Page(s): 107 - 121
    Cited by: Papers (9)

    We present a holistic, process-oriented approach to ISO/IEC 27001 compliant security incident management that integrates multiple state-of-the-art security tools and has been applied to a real-world scenario very successfully for one year so far. The computer security incident response team, CSIRT, is enabled to correlate IT security related events across multiple communication channels and thus t...
  • Towards a Rapid-Alert System for Security Incidents

    Publication Year: 2011, Page(s): 122 - 136
    Cited by: Papers (2)

    Predicting security incidents and forecasting risk are two essential duties when designing an enterprise security system. Based on a quantitative risk assessment technique arising from an attacker-defender model, we propose a Bayesian learning strategy to continuously update the quality of protection and forecast the decision-theoretic risk. Evidence for or against the security of particular sy...
  • Automated Audit of Compliance and Security Controls

    Publication Year: 2011, Page(s): 137 - 148
    Cited by: Papers (9)

    This paper gives an overview of the existing standards to describe security content. We discuss the challenges security organizations are facing and present approaches for automation of security checks. The OVAL and XCCDF languages are examined in greater detail and an example for their use is given. We describe use cases for these languages and explain the benefits of their deployment.
  • Use of Machine Learning Classification Techniques to Detect Atypical Behavior in Medical Applications

    Publication Year: 2011, Page(s): 149 - 162

    Health care informatics is growing at an incredible pace. Originally, health care organizations, like all other industries, used pen and paper to track medical information. Ten years ago the more mature health care organizations had simply practice management applications. Today, these organizations have full blown electronic health records systems. Tomorrow these organizations will be sharing inf...
  • Author index

    Publication Year: 2011, Page(s): 163
    Freely Available from IEEE
  • [Publishers information]

    Publication Year: 2011, Page(s): 164
    Freely Available from IEEE