On-site investigation methodology for incident response in Windows environments

Keungi Lee, Changhoon Lee, Sangjin Lee

Research output: Contribution to journal › Article › peer-review


In recent years, many computers have been compromised through a variety of paths, and attack patterns and paths have become more varied than in the past. Furthermore, systems compromised by attackers are used as zombie systems to attack other web servers or personal computers, so there is a high probability of secondary damage such as DDoS spreading. Previously, hacking and malicious code were motivated by self-display or simple curiosity, but recently they are tied to monetary extortion. In order to respond to incidents correctly, it is important to measure the damage to a system rapidly and determine the attack paths. This paper discusses an on-site investigation methodology for incident response and also describes the limitations of this methodology.

Original language: English
Pages (from-to): 1413-1420
Number of pages: 8
Journal: Computers and Mathematics with Applications
Issue number: 9
Publication status: Published - 2013 May

Bibliographical note

Funding Information:
This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (grant number 2011-0005648).


  • Digital forensics
  • Live forensics
  • On-site investigation
  • Rapid investigation

ASJC Scopus subject areas

  • Modelling and Simulation
  • Computational Theory and Mathematics
  • Computational Mathematics
