Listing by keyword "Digital Forensics"
1 - 5 of 5
- Conference paper: Forensic strategies and methods in advanced software-defined networks (INFORMATIK 2024, 2024). Authors: Weijers, Florian; Jensen, Meiko; Raab-Düsterhöft, Antje. Abstract: Network forensics in modern cloud-edge systems has become an urgent yet challenging field of work. Forensics of software-defined networks (SDN) in particular poses unique challenges that need to be addressed. This article therefore addresses the methodological and strategic challenges of network forensics in modern, complex software-defined networks, using the ZeroTier network as a practical example. In this context, detailed strategies and methods for the clarification and preservation of evidence in SDN after common IT security incidents are derived from existing best practices in digital forensics. In addition, typical technical and legal issues and obstacles to forensic work in SDN are addressed in connection with IT security measures, and possible solution approaches are presented. Using an advanced SDN example, characteristic workflows of network forensics in SDN are discussed. The result of the work is a presentation of adapted, and individually adaptable, strategies and methods for applying targeted digital forensics in advanced SDN.
- Text document: A Method for Evaluating and Selecting Software Tools for Remote Forensics (INFORMATIK 2021, 2021). Authors: Meyer, Maurice; Auth, Gunnar; Schinner, Alexander. Abstract: In today's networked system environments, remote access to possibly involved IT system components is a fundamental requirement for digital forensics. For conducting professional remote forensics investigations in large system landscapes, a growing number of software tools, both commercial and open source, is available today. On the other hand, reviews and comparisons of this special type of software tool are scarce. To support finding the best-fitting remote forensics tool among the available solutions based on individual requirements and preconditions, this article presents a method for a criteria-based evaluation and selection process. While the method construction generally builds on established procedures for software evaluation and selection, the corresponding criteria catalog, including measurement procedures and weightings, was derived from the literature as well as from consultations with experts from the IT security subsidiary of a large German telecom group. Furthermore, the method is demonstrated and validated by applying it to three selected software tools: Cynet, GRR Rapid Response and Velociraptor.
- Text document: Ontology in the Digital Forensics Domain: A Scoping Review (INFORMATIK 2022, 2022). Authors: Morgenstern, Martin; Fähndrich, Johannes; Honekamp, Wilfried. Abstract: The need for automation in digital forensics is imminent. With the overwhelming workload of analysing collected digital evidence, law enforcement agencies are no longer delivering the quality of investigation we expect. For automation to work (e.g., integrating heterogeneous data sources, structuring unstructured data, or drawing conclusions from structured data), a formalisation must be specified. Specifying such a formalisation includes, as a first step, describing the concepts of the digital forensics domain. In this contribution, we analyse the state of the art of ontological formalisation in the domain of digital forensics via a scoping review. There are some attempts to formalise the technical domain of digital forensics in ontologies, but they do not cover essential context, such as technical annotations or acquisition modelling. Future work will be to use the existing foundations and extend them with facts and rules to enable reasoning.
- Conference paper: Post-mortem path correlation based on the NT Object Manager in Windows 1x systems (INFORMATIK 2023 - Designing Futures: Zukünfte gestalten, 2023). Authors: Helfer, Dominic; Rothe, Felix; Bodach, Ronny. Abstract: The specifications of file and directory paths in forensic artifacts of Windows 1x systems are not uniform. A correlation of paths is needed to prove the hypothesis that two paths in different artifacts describe the same file. While Windows is running, this correlation is managed inside the NT Object Manager [Al22]. The information held by the NT Object Manager is lost when Windows is shut down, so an analyst with the appropriate knowledge and experience must perform the correlation of paths manually. A mapping of the NT Object Manager is required to develop forensic tools that allow an automated correlation of paths. This mapping was used to develop a reconstruction approach based on an empirical study of differently configured Windows 1x systems. This allows post-mortem path correlation using non-volatile data.
- Conference paper: Requirements for a public digital forensics cloud (INFORMATIK 2023 - Designing Futures: Zukünfte gestalten, 2023). Authors: Morgenstern, Martin; Honekamp, Wilfried. Abstract: The acquisition of digital evidence in criminal proceedings has become considerably more important in recent years. At the same time, the amount of data has also increased. The need to use cloud or big data solutions for digital forensics, in order to efficiently process the permanently increasing amount of data and number of cases, has been recognised for years. By using public cloud providers, such as Amazon AWS and Microsoft Azure, to secure and analyse digital evidence, resources could be used in a scalable and flexible way. Forensic service providers have had to keep a large number of data carriers for forensic backups, because these must be available immediately in case of an emergency and cannot be procured only when needed.