{"title":"IR4CF: A intrusion replay system for computer forensics","authors":"Lei Xu, Zhihong Tian, Jianwei Ye, Hongli Zhang","doi":"10.1109/CCIENG.2011.6007958","DOIUrl":null,"url":null,"abstract":"When computer intrusions occur, one of the most costly, time-consuming, and human-intensive tasks is to analysis and take the evidence of the compromised system. IR4CF: a system call based intrusion replay system for supporting the computer forensics. IR4CF uses three key mechanisms to improve the accuracy and reduce the human overhead of performing forensic analysis. First, it streams the kernel event information in real-time, to append-only storage on a separate, hardened, logging machine, making the system resilient to a wide variety of attacks. Second, it uses system-call hijacking technology to perform comprehensive monitoring of the execution of a target system at the kernel event level, giving a high-resolution, application-independent view of all activity. Third, it analyses and replays the intrusion actions dynamically, which can be used for evidence in a court of law.","PeriodicalId":6316,"journal":{"name":"2011 IEEE 2nd International Conference on Computing, Control and Industrial Engineering","volume":"105 1","pages":"66-69"},"PeriodicalIF":0.0000,"publicationDate":"2011-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 IEEE 2nd International Conference on Computing, Control and Industrial Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCIENG.2011.6007958","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
When computer intrusions occur, one of the most costly, time-consuming, and human-intensive tasks is to analysis and take the evidence of the compromised system. IR4CF: a system call based intrusion replay system for supporting the computer forensics. IR4CF uses three key mechanisms to improve the accuracy and reduce the human overhead of performing forensic analysis. First, it streams the kernel event information in real-time, to append-only storage on a separate, hardened, logging machine, making the system resilient to a wide variety of attacks. Second, it uses system-call hijacking technology to perform comprehensive monitoring of the execution of a target system at the kernel event level, giving a high-resolution, application-independent view of all activity. Third, it analyses and replays the intrusion actions dynamically, which can be used for evidence in a court of law.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
