{"title":"对受损系统进行取证分析","authors":"A. Baláz, R. Hlinka","doi":"10.1109/ICETA.2012.6418288","DOIUrl":null,"url":null,"abstract":"This article presents a study on whether and how may forensic analysis contribute to a compromised system. It explores the use of specific procedures for conducting security examinations of such a system, allowing gaining and store relevant evidence. Test results in laboratory-scale environment demonstrate the feasibility of performing general methods on live computer systems, operations systems in particular, all intended for the scale of forensic analyses. The study also weighs the relative contributions of possible forensic data sources which may a forensic analyst reveal throughout the analysis, especially important data obtained from operation systems Windows and Linux, whereby it is possible to extract valuable information. Finally, the exploratory activities result in the list of procedures applicable to Linux operating system that are seen to satisfy the security requirements for important data. The present study also intends to examine the mediating role of computer security as a process or mechanism by which to explain the relationship between forensic analysis and computing systems.","PeriodicalId":212597,"journal":{"name":"2012 IEEE 10th International Conference on Emerging eLearning Technologies and Applications (ICETA)","volume":"54 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":"{\"title\":\"Forensic analysis of compromised systems\",\"authors\":\"A. Baláz, R. Hlinka\",\"doi\":\"10.1109/ICETA.2012.6418288\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This article presents a study on whether and how may forensic analysis contribute to a compromised system. It explores the use of specific procedures for conducting security examinations of such a system, allowing gaining and store relevant evidence. Test results in laboratory-scale environment demonstrate the feasibility of performing general methods on live computer systems, operations systems in particular, all intended for the scale of forensic analyses. The study also weighs the relative contributions of possible forensic data sources which may a forensic analyst reveal throughout the analysis, especially important data obtained from operation systems Windows and Linux, whereby it is possible to extract valuable information. Finally, the exploratory activities result in the list of procedures applicable to Linux operating system that are seen to satisfy the security requirements for important data. The present study also intends to examine the mediating role of computer security as a process or mechanism by which to explain the relationship between forensic analysis and computing systems.\",\"PeriodicalId\":212597,\"journal\":{\"name\":\"2012 IEEE 10th International Conference on Emerging eLearning Technologies and Applications (ICETA)\",\"volume\":\"54 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"13\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 IEEE 10th International Conference on Emerging eLearning Technologies and Applications (ICETA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICETA.2012.6418288\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE 10th International Conference on Emerging eLearning Technologies and Applications (ICETA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICETA.2012.6418288","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
This article presents a study on whether and how may forensic analysis contribute to a compromised system. It explores the use of specific procedures for conducting security examinations of such a system, allowing gaining and store relevant evidence. Test results in laboratory-scale environment demonstrate the feasibility of performing general methods on live computer systems, operations systems in particular, all intended for the scale of forensic analyses. The study also weighs the relative contributions of possible forensic data sources which may a forensic analyst reveal throughout the analysis, especially important data obtained from operation systems Windows and Linux, whereby it is possible to extract valuable information. Finally, the exploratory activities result in the list of procedures applicable to Linux operating system that are seen to satisfy the security requirements for important data. The present study also intends to examine the mediating role of computer security as a process or mechanism by which to explain the relationship between forensic analysis and computing systems.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
