Organizations owning cyber-infrastructure assets face large-scale distributed attacks on a regular basis. In the face of the increasing complexity and frequency of such attacks, we argue that it is insufficient to rely on organizational incident response teams, or even on trusted coordinating response teams. Instead, there is a need for a framework that enables responders to establish trust and achieve an effective collaborative response and investigation process across multiple organizations and legal entities, in order to track the adversary, eliminate the threat and pursue prosecution of the perpetrators. In this work we develop such a framework for effective collaboration. Our approach is motivated by our experiences in dealing with a large-scale distributed attack that took place in 2004, known as Incident 216. Based on our approach we present the Palantir system, which comprises the conceptual and technological capabilities needed to respond adequately to such attacks. To the best of our knowledge, this is the first work to propose a system model and implementation for a collaborative multi-site incident response and investigation effort.