On-site investigation methodology for incident response in Windows environments

Keungi Lee; Changhoon Lee; Sangjin Lee

doi:10.1016/j.camwa.2012.01.029

On-site investigation methodology for incident response in Windows environments

Keungi Lee, Changhoon Lee, Sangjin Lee

School of Cybersecurity

Research output: Contribution to journal › Article › peer-review

Abstract

In recent years, various computers have been compromised through several paths. In particular, the attack patterns and paths are becoming more various than in the past. Furthermore, systems damaged by hackers are used as zombie systems to attack other web servers or personal computers, so there is a high probability to spread secondary damage such as DDoS. Also, previously, hacking and malicious code were carried out for self-display or simple curiosity, but recently they are related to monetary extortion. In order to respond to incidents correctly, it is important to measure the damage to a system rapidly and determine the attack paths. This paper will discuss an on-site investigation methodology for incident response and also describe the limitations of this methodology.

Original language	English
Pages (from-to)	1413-1420
Number of pages	8
Journal	Computers and Mathematics with Applications
Volume	65
Issue number	9
DOIs	https://doi.org/10.1016/j.camwa.2012.01.029
Publication status	Published - 2013 May

Keywords

Digital forensics
Live forensics
On-site investigation
Rapid investigation

ASJC Scopus subject areas

Modelling and Simulation
Computational Theory and Mathematics
Computational Mathematics

Access to Document

10.1016/j.camwa.2012.01.029

Cite this

@article{1d885603708b4b51a1104740ad83e4cd,

title = "On-site investigation methodology for incident response in Windows environments",

abstract = "In recent years, various computers have been compromised through several paths. In particular, the attack patterns and paths are becoming more various than in the past. Furthermore, systems damaged by hackers are used as zombie systems to attack other web servers or personal computers, so there is a high probability to spread secondary damage such as DDoS. Also, previously, hacking and malicious code were carried out for self-display or simple curiosity, but recently they are related to monetary extortion. In order to respond to incidents correctly, it is important to measure the damage to a system rapidly and determine the attack paths. This paper will discuss an on-site investigation methodology for incident response and also describe the limitations of this methodology.",

keywords = "Digital forensics, Live forensics, On-site investigation, Rapid investigation",

author = "Keungi Lee and Changhoon Lee and Sangjin Lee",

note = "Funding Information: This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (grant number 2011-0005648 ).",

year = "2013",

month = may,

doi = "10.1016/j.camwa.2012.01.029",

language = "English",

volume = "65",

pages = "1413--1420",

journal = "Computers and Mathematics with Applications",

issn = "0898-1221",

publisher = "Elsevier Limited",

number = "9",

}

TY - JOUR

T1 - On-site investigation methodology for incident response in Windows environments

AU - Lee, Keungi

AU - Lee, Changhoon

AU - Lee, Sangjin

N1 - Funding Information: This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (grant number 2011-0005648 ).

PY - 2013/5

Y1 - 2013/5

N2 - In recent years, various computers have been compromised through several paths. In particular, the attack patterns and paths are becoming more various than in the past. Furthermore, systems damaged by hackers are used as zombie systems to attack other web servers or personal computers, so there is a high probability to spread secondary damage such as DDoS. Also, previously, hacking and malicious code were carried out for self-display or simple curiosity, but recently they are related to monetary extortion. In order to respond to incidents correctly, it is important to measure the damage to a system rapidly and determine the attack paths. This paper will discuss an on-site investigation methodology for incident response and also describe the limitations of this methodology.

AB - In recent years, various computers have been compromised through several paths. In particular, the attack patterns and paths are becoming more various than in the past. Furthermore, systems damaged by hackers are used as zombie systems to attack other web servers or personal computers, so there is a high probability to spread secondary damage such as DDoS. Also, previously, hacking and malicious code were carried out for self-display or simple curiosity, but recently they are related to monetary extortion. In order to respond to incidents correctly, it is important to measure the damage to a system rapidly and determine the attack paths. This paper will discuss an on-site investigation methodology for incident response and also describe the limitations of this methodology.

KW - Digital forensics

KW - Live forensics

KW - On-site investigation

KW - Rapid investigation

UR - http://www.scopus.com/inward/record.url?scp=84877751992&partnerID=8YFLogxK

U2 - 10.1016/j.camwa.2012.01.029

DO - 10.1016/j.camwa.2012.01.029

M3 - Article

AN - SCOPUS:84877751992

SN - 0898-1221

VL - 65

SP - 1413

EP - 1420

JO - Computers and Mathematics with Applications

JF - Computers and Mathematics with Applications

IS - 9

ER -

On-site investigation methodology for incident response in Windows environments

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this