Title
Enhancing credibility of digital evidence through provenance-based incident response handling
Author
Ludwig Englbrecht
University of Regensburg
Author
Günther Pernul
University of Regensburg
Abstract
Digital forensics is becoming increasingly important for the investigation of computer-related crimes, white-collar crimes and large-scale hacker attacks. After an incident has been detected, an incident response is usually initiated with the aim of mitigating the attack and ensuring the recovery of the IT systems. Digital forensics pursues the goal of acquiring evidence that will stand up in court for sentencing, and this goal sometimes conflicts with the objectives of incident response. The concept presented here strengthens the credibility of digital evidence during incident response actions. It adapts a data provenance approach to accurately track the transformation of digital evidence. For this purpose, the affected system and the incident response systems are equipped with a whole-system data provenance capturing mechanism, and data provenance is captured on both simultaneously during an incident response. Context information about the incident response is also documented. An adapted algorithm for sub-graph detection is used to identify similarities between the two provenance graphs. By applying the proposed concept to a use case, its advantages are demonstrated and possibilities for further development are presented.
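The following is an added illustration of the idea in the abstract, not code from the paper or its authors: two whole-system provenance captures, one from the affected host and one from the incident-response host, are compared by matching equivalent nodes, and the lineage of an acquired artifact is followed across both graphs together with the incident-response context recorded on the way. The edge format, the node naming scheme (files keyed by content hash plus host, processes by name plus host, a network connection by its endpoints), the simple label-matching intersection used in place of the paper's sub-graph detection algorithm, and all sample records are assumptions made for this example.

```python
"""Comparing whole-system provenance captures from an affected host and an
incident-response host (added illustration, not the paper's implementation).

Assumptions for this example: every provenance edge is a data-flow edge
(src -> dst) of the form (src, relation, dst, context); files are keyed by
content hash plus host, processes by name plus host, and a network
connection by its endpoints so that both sides record the same socket node.
All records below are constructed sample data.
"""
from collections import defaultdict

# Constructed capture on the compromised server "srv1".
AFFECTED_HOST = [
    ("proc:sshd@srv1", "wrote", "file:sha256:aa11@srv1", {"path": "/var/log/auth.log"}),
    ("file:sha256:aa11@srv1", "read_by", "proc:acquire.sh@srv1", {"case": "IR-7", "operator": "alice"}),
    ("proc:acquire.sh@srv1", "wrote", "file:sha256:bb22@srv1", {"path": "/tmp/auth.tar", "case": "IR-7"}),
    ("file:sha256:bb22@srv1", "read_by", "proc:sha256sum@srv1", {"case": "IR-7"}),
    ("file:sha256:bb22@srv1", "read_by", "proc:scp@srv1", {"case": "IR-7"}),
    ("proc:scp@srv1", "wrote", "sock:srv1:22->irws:51000", {"case": "IR-7"}),
]

# Constructed capture on the responder workstation "irws".
IR_HOST = [
    ("sock:srv1:22->irws:51000", "read_by", "proc:scp@irws", {"case": "IR-7"}),
    ("proc:scp@irws", "wrote", "file:sha256:bb22@irws", {"path": "/evidence/IR-7/auth.tar", "case": "IR-7"}),
    ("file:sha256:bb22@irws", "read_by", "proc:sha256sum@irws", {"case": "IR-7", "operator": "alice"}),
    ("file:sha256:bb22@irws", "read_by", "proc:tar@irws", {"case": "IR-7"}),
    ("proc:tar@irws", "wrote", "file:sha256:aa11@irws", {"path": "/evidence/IR-7/auth.log", "case": "IR-7"}),
]


def normalise(node):
    """Drop the host suffix so equivalent nodes on both hosts compare equal.
    A file keeps its content hash, a process its name, a socket its endpoints."""
    return node.rsplit("@", 1)[0]


def common_subgraph(edges_a, edges_b):
    """Edges recorded by both captures once host-specific ids are normalised.
    This is a plain label-matching intersection, a simplification of the
    sub-graph detection the paper describes."""
    norm = lambda edges: {(normalise(s), r, normalise(d)) for s, r, d, _ in edges}
    return norm(edges_a) & norm(edges_b)


def shared_nodes(edges_a, edges_b):
    """Normalised node ids that appear in both provenance graphs."""
    nodes = lambda edges: {normalise(n) for s, _, d, _ in edges for n in (s, d)}
    return nodes(edges_a) & nodes(edges_b)


def lineage(edges, target):
    """All ancestors of `target` in data-flow order (origin first, target last).
    Pass the union of both captures to follow an artifact across hosts."""
    preds = defaultdict(list)
    for src, _, dst, _ in edges:
        preds[dst].append(src)
    order, seen = [], set()

    def visit(node):
        if node in seen:
            return
        seen.add(node)
        for p in preds[node]:
            visit(p)
        order.append(node)  # post-order: ancestors are appended before the node

    visit(target)
    return order


def context_along(edges, target):
    """Incident-response context (case ids, operators, paths) attached to the
    edges that lie on the lineage of `target`, as sorted lists per key."""
    chain = set(lineage(edges, target))
    ctx = defaultdict(set)
    for src, _, dst, c in edges:
        if src in chain and dst in chain:
            for k, v in c.items():
                ctx[k].add(v)
    return {k: sorted(v) for k, v in ctx.items()}


if __name__ == "__main__":
    merged = AFFECTED_HOST + IR_HOST
    print("common edges:", common_subgraph(AFFECTED_HOST, IR_HOST))
    print("shared nodes:", sorted(shared_nodes(AFFECTED_HOST, IR_HOST)))
    for n in lineage(merged, "file:sha256:aa11@irws"):
        print("  ->", n)
    print("context:", context_along(merged, "file:sha256:aa11@irws"))
```

Run stand-alone, the script shows the one edge both captures agree on (the hash check of the archive), the nodes the two graphs have in common, and the lineage of the extracted `auth.log` on the responder workstation, which leads back through the socket node to `sshd` on the affected host. Keying files by content hash is what lets the extracted copy be tied to the original; a tool that stored only paths would break the chain at the network boundary.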
Language
English [eng]
Persistent identifier
https://phaidra.univie.ac.at/o:1076814
Published in
Title
ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security (ICPS Proceedings)
Publisher
ACM Press
Date of acceptance for publication
2019-08-26