法庭事件重建系统综述

Int. J. Inf. Comput. Secur. Pub Date : 2017-10-20 DOI:10.1504/IJICS.2017.10008447

A. Dabir, A. Abdou, A. Matrawy

{"title":"法庭事件重建系统综述","authors":"A. Dabir, A. Abdou, A. Matrawy","doi":"10.1504/IJICS.2017.10008447","DOIUrl":null,"url":null,"abstract":"Security related incidents such as unauthorised system access, data tampering and theft have been noticeably rising. Tools such as firewalls, intrusion detection systems and anti-virus software strive to prevent these incidents. Since these tools only prevent an attack, once an illegal intrusion occurs, they cease to provide useful information beyond this point. Consequently, system administrators are interested in identifying the vulnerability in order to: 1) avoid future exploitation; 2) recover corrupted data; 3) present the attacker to law enforcement where possible. As such, forensic event reconstruction systems are used to provide the administrators with possible information. We present a survey on the current approaches towards forensic event reconstruction systems proposed over the past few years. Technical details are discussed, as well as analysis to their effectiveness, advantages and limitations. The presented tools are compared and assessed based on the primary principles that a forensic technique is expected to follow.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"A survey on forensic event reconstruction systems\",\"authors\":\"A. Dabir, A. Abdou, A. Matrawy\",\"doi\":\"10.1504/IJICS.2017.10008447\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security related incidents such as unauthorised system access, data tampering and theft have been noticeably rising. Tools such as firewalls, intrusion detection systems and anti-virus software strive to prevent these incidents. Since these tools only prevent an attack, once an illegal intrusion occurs, they cease to provide useful information beyond this point. Consequently, system administrators are interested in identifying the vulnerability in order to: 1) avoid future exploitation; 2) recover corrupted data; 3) present the attacker to law enforcement where possible. As such, forensic event reconstruction systems are used to provide the administrators with possible information. We present a survey on the current approaches towards forensic event reconstruction systems proposed over the past few years. Technical details are discussed, as well as analysis to their effectiveness, advantages and limitations. The presented tools are compared and assessed based on the primary principles that a forensic technique is expected to follow.\",\"PeriodicalId\":164016,\"journal\":{\"name\":\"Int. J. Inf. Comput. Secur.\",\"volume\":\"38 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-10-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Int. J. Inf. Comput. Secur.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1504/IJICS.2017.10008447\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Inf. Comput. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/IJICS.2017.10008447","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

与安全有关的事件，如未经授权的系统访问、数据篡改和盗窃，已明显上升。诸如防火墙、入侵检测系统和防病毒软件等工具可有效防止此类事件发生。由于这些工具只能防止攻击，一旦发生非法入侵，它们就不再提供有用的信息。因此，系统管理员对识别漏洞很感兴趣，以便:1)避免将来的利用;2)恢复损坏的数据;3)尽可能将袭击者交给执法部门。因此，使用取证事件重建系统向管理员提供可能的信息。我们对过去几年提出的法医事件重建系统的当前方法进行了调查。讨论了技术细节，并分析了它们的有效性、优点和局限性。提出的工具是比较和评估的基础上，法医技术预计将遵循的主要原则。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

A survey on forensic event reconstruction systems

Security related incidents such as unauthorised system access, data tampering and theft have been noticeably rising. Tools such as firewalls, intrusion detection systems and anti-virus software strive to prevent these incidents. Since these tools only prevent an attack, once an illegal intrusion occurs, they cease to provide useful information beyond this point. Consequently, system administrators are interested in identifying the vulnerability in order to: 1) avoid future exploitation; 2) recover corrupted data; 3) present the attacker to law enforcement where possible. As such, forensic event reconstruction systems are used to provide the administrators with possible information. We present a survey on the current approaches towards forensic event reconstruction systems proposed over the past few years. Technical details are discussed, as well as analysis to their effectiveness, advantages and limitations. The presented tools are compared and assessed based on the primary principles that a forensic technique is expected to follow.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Int. J. Inf. Comput. Secur.

自引率

0.00%

发文量