2013 Seventh International Conference on IT Security Incident Management and IT Forensics

12-14 March 2013

  • [Front cover]

    Publication Year: 2013, Page(s): C4
    Freely Available from IEEE
  • [Title page i]

    Publication Year: 2013, Page(s): i
    Freely Available from IEEE
  • [Title page iii]

    Publication Year: 2013, Page(s): iii
    Freely Available from IEEE
  • [Copyright notice]

    Publication Year: 2013, Page(s): iv
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2013, Page(s): v - vi
    Freely Available from IEEE
  • Preface

    Publication Year: 2013, Page(s): vii - viii
    Freely Available from IEEE
  • Organizing Committee

    Publication Year: 2013, Page(s): ix
    Freely Available from IEEE
  • Program Committee

    Publication Year: 2013, Page(s): x
    Freely Available from IEEE
  • Reviewers

    Publication Year: 2013, Page(s): xi
    Freely Available from IEEE
  • Keynotes

    Publication Year: 2013, Page(s): xii

    Provides an abstract for each of the keynote presentations and may include a brief professional biography of each
  • Workshops

    Publication Year: 2013, Page(s): xiii - xiv
    Freely Available from IEEE
  • Sponsors

    Publication Year: 2013, Page(s): xv - xvi
    Freely Available from IEEE
  • Forewarned is Forearmed: Indicators for Evaluating Information Security Incident Management

    Publication Year: 2013, Page(s): 3 - 14
    Cited by: Papers (2)

    This paper presents a method for evaluating an organization's ability to manage security incidents. The method is based on resilient thinking, and describes how to identify, select and implement early-warning indicators for information security incident management.
  • Identifying a Shared Mental Model Among Incident Responders

    Publication Year: 2013, Page(s): 15 - 25
    Cited by: Papers (5)

    Typically, there is a direct correlation between the time to resolve an incident and the damage sustained by an organization, with faster resolution of the incident resulting in less damage to the organization. Therefore, improving coordination between organizations experiencing the same or related incidents allows faster resolution and hence less damage to each organization. Coordination, however...
  • A Case Study: Preparing for the Smart Grids - Identifying Current Practice for Information Security Incident Management in the Power Industry

    Publication Year: 2013, Page(s): 26 - 32
    Cited by: Papers (3)

    The power industry faces the implementation of smart grids, which will introduce new information security threats to the power automation systems. The ability to appropriately prepare for, and respond to, information security incidents, is of utmost importance, as it is impossible to prevent all possible incidents from occurring. Current trends even show that the power industry is an attractive ta...
  • mvHash-B - A New Approach for Similarity Preserving Hashing

    Publication Year: 2013, Page(s): 33 - 44
    Cited by: Papers (5)

    The handling of hundreds of thousands of files is a major challenge in today's IT forensic investigations. In order to cope with this information overload, investigators use fingerprints (hash values) to identify known files automatically using blacklists or whitelists. Besides detecting exact duplicates it is helpful to locate similar files by using similarity preserving hashing (SPH), too. We pr...
  • Selective Imaging Revisited

    Publication Year: 2013, Page(s): 45 - 58
    Cited by: Papers (2)

    The standard procedure for the acquisition of digital evidence in forensic investigations is to produce a bit-wise 1:1 copy of the original data on a digital storage device. This is often called imaging and is becoming a bottleneck in modern digital investigations. The notion of selective imaging was introduced by Turner in 2005 and associated with the decision not to acquire all possible information...
  • Developing a cloud computing based approach for forensic analysis using OCR

    Publication Year: 2013, Page(s): 59 - 68

    One of the major issues in digital forensics is that cyber criminals tend to hide digital evidence before forensic tools are applied to find them. A simple but effective method to evade detection is to embed textual information in a picture such as a screenshot. On the detective's side, we can use Optical Character Recognition (OCR) algorithms to retrieve the textual information from a picture or ...
  • On Bayesian Trust and Risk Forecasting for Compound Systems

    Publication Year: 2013, Page(s): 69 - 82

    We present a probabilistic (frequentistic) model of trust with efficient Bayesian updating procedures and support of hierarchically structured systems. Trust is highly influenced by information gathered from different sources, like newspaper or scientific reports on the security or vulnerability of computer systems. Assuming text-mining and incident documentation facilities available that provide ...
  • Anti-forensics: The Next Step in Digital Forensics Tool Testing

    Publication Year: 2013, Page(s): 83 - 97
    Cited by: Papers (2)

    We classify and present established and new attacks on digital forensics tools. In particular, we present the first and surprisingly simple code injection attack on a commercial analysis tool that potentially allows to infiltrate the analysis system. We argue that digital forensics tool testing must mature to cater for malicious adversaries. We also discuss possible countermeasures.
  • Forensic Application-Fingerprinting Based on File System Metadata

    Publication Year: 2013, Page(s): 98 - 112
    Cited by: Papers (2)

    While much work has been invested in tools for acquisition and extraction of digital evidence, there are only few tools that allow for automatic event reconstruction. In this paper, we present a generic approach for forensic event reconstruction based on digital evidence from file systems. Our approach applies the idea of fingerprinting to changes made by applications in file system metadata. We pr...
  • Statistical Pattern Recognition Based Content Analysis on Encrypted Network: Traffic for the TeamViewer Application

    Publication Year: 2013, Page(s): 113 - 121
    Cited by: Papers (2)

    In the course of a forensic investigation it might be required to distinguish between different network activities. While various means to analyse network traffic exist, encrypted traffic often makes such an analysis problematic. The focus of this paper is to introduce a method based on statistical pattern recognition on network recordings of encrypted sessions to distinguish between different act...
  • Visualizing Indicators of Rootkit Infections in Memory Forensics

    Publication Year: 2013, Page(s): 122 - 139
    Cited by: Papers (1)

    Research in the area of memory forensics has been flourishing over the last years, and powerful analysis frameworks such as Volatility have been developed. While these frameworks permit examining a forensic memory snapshot in great detail, they mainly aim at experienced investigators with a thorough knowledge of operating system internals. On the other hand, result correlation and interpretation i...
  • Author index

    Publication Year: 2013, Page(s): 140
    Freely Available from IEEE
  • [Roster page]

    Publication Year: 2013, Page(s): 142
    Freely Available from IEEE