Analyzing computer intrusions
Communications of the ACM
A note on the confinement problem
Communications of the ACM
A requires/provides model for computer attacks
Proceedings of the 2000 workshop on New security paradigms
Bugs as deviant behavior: a general approach to inferring errors in systems code
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
A "flight data recorder" for enabling full-system multiprocessor deterministic replay
Proceedings of the 30th annual international symposium on Computer architecture
Software Security Checklist for the Software Life Cycle
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
Automated Analysis for Digital Forensic Science: Semantic Integrity Checking
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
ACM Transactions on Computer Systems (TOCS)
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementation
A categorization of computer security monitoring systems and the impact on the design of audit sources
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Copilot - a coprocessor-based kernel runtime integrity monitor
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Analysis of Computer Intrusions Using Sequences of Function Calls
IEEE Transactions on Dependable and Secure Computing
Computer forensics in forensis
ACM SIGOPS Operating Systems Review
Weaving ontologies to support digital forensic analysis
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
Liability in software engineering: overview of the LISE approach and illustration on a case study
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
Digital forensics on a virtual machine
Proceedings of the 49th Annual Southeast Regional Conference
It is possible to enhance our understanding of what has happened on a computer system by using forensic techniques that do not require prediction of the nature of the attack, the skill of the attacker, or the details of the system resources or objects affected. These techniques address five fundamental principles of computer forensics. These principles include recording data about the entire operating system, particularly user space events and environments, and interpreting events at different layers of abstraction, aided by the context in which they occurred. They also deal with modeling the recorded data as a multi-resolution, finite state machine so that results can be established to a high degree of certainty rather than merely inferred.