An Ontology for Digital Forensics in IT Security Incidents - OPUS
4.2. DATA
It comprises, for example, physical memory layout information, boot
code, setup code, and the size of the page tables.

• Metadata
    Memory Organization
        This is the data that contains information about the organization
        of the memory. It is necessary to manage the memory and includes,
        for example, the page tables.
    Runtime Organization
        This is the data that is necessary for the management of data
        within the memory. It comprises, for example, the process list and
        the IO management.

• Metacode
    This section contains the code necessary to operate the system and
    influence the behaviour of the operating system. This includes, for
    example, interrupt service routines, the page fault handler, IO code,
    and the scheduler.

• Code
    OS-specific
        This is the code that is used by the operating system to implement
        OS-specific functionality. It comprises, for example, daemon
        processes and the idle process.
    Application
        This is the code that is used by user processes.

• Data
    OS-specific
        This is the data that is used by the operating system processes.
    Application
        This is the data that is used by the user processes.

4.2.3 Additional information

The data in this section differs from the data already mentioned in that it
can be derived from one or more of those categories.