Conference Proceeding

From the Computer Incident Taxonomy to a Computer Forensic Examination Taxonomy

10/2009; DOI:10.1109/IMF.2009.17 pp.54 - 68 In proceeding of: IT Security Incident Management and IT Forensics, 2009. IMF '09. Fifth International Conference on
Source: IEEE Xplore

ABSTRACT Forensic investigations are usually conducted to solve crimes committed using IT systems as pertetrator and/or victim. However, depending on the size of IT system, also nonmalicious incidents can be investigated using the same, methodological and proven techniques. Based upon the principles contained in the well known computer incident taxonomy, this paper proposes the establishment a common language for the description of computer forensic examinations, both in malicious and nonmalicious incidents. Additionally this taxonomy helps performing a forensic examination in establishing answers to a set of well defined questions during such an examination. The usefulness of the proposed forensic examination taxonomy is shown using a malicious and a nonmalicious example.

0 0
 · 
0 Bookmarks
 · 
20 Views
Data provided are for informational purposes only. Although carefully collected, accuracy cannot be guaranteed. The impact factor represents a rough estimation of the journal's impact factor and does not reflect the actual current impact factor. Publisher conditions are provided by RoMEO. Differing provisions from the publisher's actual policy or licence agreement may be applicable.

Keywords

common language
 
computer forensic examinations
 
crimes
 
forensic examination
 
Forensic investigations
 
known computer incident taxonomy
 
methodological
 
nonmalicious example
 
nonmalicious incidents
 
pertetrator
 
principles
 
proposed forensic examination taxonomy
 
questions
 
taxonomy