TY - JOUR
T1 - On-site investigation methodology for incident response in Windows environments
AU - Lee, Keungi
AU - Lee, Changhoon
AU - Lee, Sangjin
N1 - Funding Information:
This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (grant number 2011-0005648).
PY - 2013/5
Y1 - 2013/5
N2 - In recent years, many computers have been compromised through a variety of paths, and attack patterns and paths have become more diverse than in the past. Furthermore, systems compromised by attackers are used as zombie systems to attack other web servers or personal computers, so there is a high probability of secondary damage such as DDoS spreading. Also, whereas hacking and malicious code were previously carried out for self-display or simple curiosity, recently they have been tied to monetary extortion. In order to respond to incidents correctly, it is important to rapidly measure the damage to a system and determine the attack paths. This paper discusses an on-site investigation methodology for incident response and also describes the limitations of this methodology.
AB - In recent years, many computers have been compromised through a variety of paths, and attack patterns and paths have become more diverse than in the past. Furthermore, systems compromised by attackers are used as zombie systems to attack other web servers or personal computers, so there is a high probability of secondary damage such as DDoS spreading. Also, whereas hacking and malicious code were previously carried out for self-display or simple curiosity, recently they have been tied to monetary extortion. In order to respond to incidents correctly, it is important to rapidly measure the damage to a system and determine the attack paths. This paper discusses an on-site investigation methodology for incident response and also describes the limitations of this methodology.
KW - Digital forensics
KW - Live forensics
KW - On-site investigation
KW - Rapid investigation
UR - http://www.scopus.com/inward/record.url?scp=84877751992&partnerID=8YFLogxK
U2 - 10.1016/j.camwa.2012.01.029
DO - 10.1016/j.camwa.2012.01.029
M3 - Article
AN - SCOPUS:84877751992
SN - 0898-1221
VL - 65
SP - 1413
EP - 1420
JO - Computers and Mathematics with Applications
JF - Computers and Mathematics with Applications
IS - 9
ER -