Applying role based access control and genetic algorithms to insider threat detection
Proceedings of the 44th annual Southeast regional conference
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Digital forensics research: The next 10 years
Digital Investigation: The International Journal of Digital Forensics & Incident Response
A system for the proactive, continuous, and efficient collection of digital forensic evidence
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Information Systems Frontiers
| Hi-index | 0.00 |
This paper examines principles and approaches forproactive computer-system forensics. Proactive computer-systemforensics is the design, construction and configuringof systems to make them most amenable to digital forensicsanalyses in the future. The primary goals of proactivecomputer-system forensics are system structuring andaugmentation for automated data discovery, lead formation,and efficient data preservation. This paper proposes:(1) using the Neyman-Pearson Lemma to proactively buildonline forensics tests with the best possible critical regionsfor hypothesis testing, and (2) using classical stopping rulesfor sequential hypothesis testing to determine which usersare deviating from standard usage behavior and should bethe focus of more investigative resources.Here the focus is on security breaches by the employeesor stakeholders of an organization. The main measurementsare event-driven logs of program executions.