Principles-driven forensic analysis
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
CuPIDS: An exploration of highly focused, co-processor-based information system protection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Analysis of Computer Intrusions Using Sequences of Function Calls
IEEE Transactions on Dependable and Secure Computing
Conducting forensic investigations of cyber attacks on automobile in-vehicle networks
Proceedings of the 1st international conference on Forensic applications and techniques in telecommunications, information, and multimedia and workshop
Computer forensics in forensis
ACM SIGOPS Operating Systems Review
WISTP'08 Proceedings of the 2nd IFIP WG 11.2 international conference on Information security theory and practices: smart devices, convergence and next generation networks
On the role of file system metadata in digital forensics
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Hi-index | 0.00 |
Traditionally, computer security monitoring systems are built around the audit systems supplied by operating systems. These OS audit sources were not necessarily designed to meet modern security needs. This dissertation addresses this situation by categorizing monitoring systems based on their goals of detection and the time constraints of operation. This categorization is used to clarify what information is needed to perform detection as well as how the audit system should be structured to supply it in an appropriate manner. A prototype audit source was designed and constructed based on the information from the categorization. This audit system supplies information based on the type of detection to be performed. The new audit source was compared against an existing OS audit source and shown to have less overhead in many instances, generate a smaller volume of data, and generate useful information not currently available.