An Ontology for Digital Forensics in IT Security Incidents - OPUS

More documents

Recommendations

Info

10 CHAPTER 2. RELATED WORK investigator to get a fast overview of the available hard disk. It is based on PyFlag[Cohen, 2012] which uses The Sleuth Kit[Carrier, 2012a] to extract the data from the hard drive respectively the image of the hard drive. An ontology and the associated data storage is preferred to a relational database concept because the relational database was not built for storing graph structures[Neo Technology, Inc., 2006].
Chapter 3 Goal Forensic Semantic Model This chapter explains what this work is about. Additionally it introduces the example that will be used throughout this work. 3.1 Ontology The goal is to create an ontology, a data store, a program to ll the data store, and several queries that allow the examiner to obtain conclusive evidence fast and easily. In the end, only the sources to obtain the data from have to be selected and the program extracts the necessary information and puts it into the appropriate structure. After the data was imported into the data store the examiner can query for evidence. If not marked otherwise the term ontology stands for the one that is introduced in this work. It is intended to make the gathering of data and the extraction of evidence faster and more eectively. One positive side eect of the automatic importing is that there is no need to know every option of every tool involved, so even novice users can use the program to gather evidence and the forensic expert can concentrate on more dicult tasks. Another point is that multiple users can access the data store so numerous examiners can work together on one case. The procedure is mainly intended for the fast examination of cases that incident response teams have to take care of. A requirement from the ontology is that it has to be customizable for special needs. This can be relevant if additional information is required that is not yet represented yet. An example for this is explained in section 4.2.3.3. The tools that provide the information collected in the data store have to be interchangeable, what is another important fact. This allows examiners to use the tools they are familiar with. The idea is to build an ontology which represents the forensically interesting parts of a computer system. Chapter 4 will explain how to extract which part of information and why they are interesting. The information is 11
Page 1: Diplomarbeit An Ontology for Digita
Page 4 and 5: Acknowledgement I would like to tha
Page 6 and 7: 4 CONTENTS 5.1.4 Storage . . . . .
Page 8 and 9: 6 CONTENTS
Page 10 and 11: 8 CHAPTER 1. INTRODUCTION data lead
Page 14 and 15: 12 CHAPTER 3. GOAL FORENSIC SEMANTI
Page 16 and 17: 14 CHAPTER 3. GOAL FORENSIC SEMANTI
Page 18 and 19: 16 CHAPTER 4. FORENSICS Basic rules
Page 20 and 21: 18 CHAPTER 4. FORENSICS 4.1.2.2 Ran
Page 22 and 23: 20 CHAPTER 4. FORENSICS entry conta
Page 24 and 25: 22 CHAPTER 4. FORENSICS 4.2.3.1 Reg
Page 26 and 27: 24 CHAPTER 4. FORENSICS vulnerable
Page 28 and 29: 26 CHAPTER 4. FORENSICS The fls -m
Page 30 and 31: 28 CHAPTER 4. FORENSICS of the sock
Page 32 and 33: 30 CHAPTER 4. FORENSICS
Page 34 and 35: 32 CHAPTER 5. ONTOLOGY Person name
Page 36 and 37: 34 CHAPTER 5. ONTOLOGY 5.1.1 Creati
Page 38 and 39: 36 CHAPTER 5. ONTOLOGY Resource Des
Page 40 and 41: 38 CHAPTER 5. ONTOLOGY to be Augsbu
Page 42 and 43: 40 CHAPTER 5. ONTOLOGY Gephi and Cy
Page 44 and 45: 42 CHAPTER 5. ONTOLOGY
Page 46 and 47: 44 CHAPTER 6. FORENSIC ONTOLOGY for
Page 48 and 49: 46 CHAPTER 6. FORENSIC ONTOLOGY pro
Page 50 and 51: 48 CHAPTER 6. FORENSIC ONTOLOGY reg
Page 52 and 53: 50 CHAPTER 6. FORENSIC ONTOLOGY 6.9
Page 54 and 55: 52 CHAPTER 6. FORENSIC ONTOLOGY Par
Page 56 and 57: 54 CHAPTER 6. FORENSIC ONTOLOGY
Page 58 and 59: 56 CHAPTER 7. IMPLEMENTATION 7.3 RD
Page 60 and 61: 58 CHAPTER 7. IMPLEMENTATION the co
Page 62 and 63:
60 CHAPTER 7. IMPLEMENTATION 1 SELE
Page 64 and 65:
62 CHAPTER 7. IMPLEMENTATION Anothe
Page 66 and 67:
64 CHAPTER 7. IMPLEMENTATION 7.8 St
Page 68 and 69:
66 CHAPTER 8. EVALUATION 6. The las
Page 70 and 71:
68 CHAPTER 8. EVALUATION key (CTEMO
Page 72 and 73:
70 CHAPTER 9. SUMMARY after some is
Page 74 and 75:
72 APPENDIX A. EXTRACTION TOOL LIST
Page 76 and 77:
74 APPENDIX A. EXTRACTION TOOL LIST
Page 78 and 79:
76 APPENDIX B. FORENSIC TOOLS OUTPU
Page 80 and 81:
78 APPENDIX C. SCREENSHOTS Figure C
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
84 APPENDIX C. SCREENSHOTS
Page 88 and 89:
86 BIBLIOGRAPHY [Carrier, 2012c] Ca
Page 90 and 91:
88 BIBLIOGRAPHY [Microsoft, 2010] M
Page 92:
90 BIBLIOGRAPHY [W3C, 2004] W3C (20
show all

An Ontology for Digital Forensics in IT Security Incidents - OPUS

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?