{"title":"IR4CF:用于计算机取证的入侵重播系统","authors":"Lei Xu, Zhihong Tian, Jianwei Ye, Hongli Zhang","doi":"10.1109/CCIENG.2011.6007958","DOIUrl":null,"url":null,"abstract":"When computer intrusions occur, one of the most costly, time-consuming, and human-intensive tasks is to analysis and take the evidence of the compromised system. IR4CF: a system call based intrusion replay system for supporting the computer forensics. IR4CF uses three key mechanisms to improve the accuracy and reduce the human overhead of performing forensic analysis. First, it streams the kernel event information in real-time, to append-only storage on a separate, hardened, logging machine, making the system resilient to a wide variety of attacks. Second, it uses system-call hijacking technology to perform comprehensive monitoring of the execution of a target system at the kernel event level, giving a high-resolution, application-independent view of all activity. Third, it analyses and replays the intrusion actions dynamically, which can be used for evidence in a court of law.","PeriodicalId":6316,"journal":{"name":"2011 IEEE 2nd International Conference on Computing, Control and Industrial Engineering","volume":"105 1","pages":"66-69"},"PeriodicalIF":0.0000,"publicationDate":"2011-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"IR4CF: A intrusion replay system for computer forensics\",\"authors\":\"Lei Xu, Zhihong Tian, Jianwei Ye, Hongli Zhang\",\"doi\":\"10.1109/CCIENG.2011.6007958\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"When computer intrusions occur, one of the most costly, time-consuming, and human-intensive tasks is to analysis and take the evidence of the compromised system. IR4CF: a system call based intrusion replay system for supporting the computer forensics. IR4CF uses three key mechanisms to improve the accuracy and reduce the human overhead of performing forensic analysis. First, it streams the kernel event information in real-time, to append-only storage on a separate, hardened, logging machine, making the system resilient to a wide variety of attacks. Second, it uses system-call hijacking technology to perform comprehensive monitoring of the execution of a target system at the kernel event level, giving a high-resolution, application-independent view of all activity. Third, it analyses and replays the intrusion actions dynamically, which can be used for evidence in a court of law.\",\"PeriodicalId\":6316,\"journal\":{\"name\":\"2011 IEEE 2nd International Conference on Computing, Control and Industrial Engineering\",\"volume\":\"105 1\",\"pages\":\"66-69\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 IEEE 2nd International Conference on Computing, Control and Industrial Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CCIENG.2011.6007958\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 IEEE 2nd International Conference on Computing, Control and Industrial Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCIENG.2011.6007958","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
IR4CF: A intrusion replay system for computer forensics
When computer intrusions occur, one of the most costly, time-consuming, and human-intensive tasks is to analysis and take the evidence of the compromised system. IR4CF: a system call based intrusion replay system for supporting the computer forensics. IR4CF uses three key mechanisms to improve the accuracy and reduce the human overhead of performing forensic analysis. First, it streams the kernel event information in real-time, to append-only storage on a separate, hardened, logging machine, making the system resilient to a wide variety of attacks. Second, it uses system-call hijacking technology to perform comprehensive monitoring of the execution of a target system at the kernel event level, giving a high-resolution, application-independent view of all activity. Third, it analyses and replays the intrusion actions dynamically, which can be used for evidence in a court of law.