An Ontology for Digital Forensics in IT Security Incidents - OPUS

More documents

Recommendations

Info

44 CHAPTER 6. FORENSIC ONTOLOGY for:hasForensicTool for:hasTimestamp rdfs:range rdfs:domain rdfs:domain rdfs:range for:ForensicTool for:ForensicObject for:Timestamp Figure 6.1: Forensic Object hw:Memory hw:Harddisk rdfs:subClassOf rdfs:subClassOf rdfs:subClassOf hw:Hardware hw:NIC Figure 6.2: Hardware 6.3 Software The next category that comes to mind when structuring a computer is the software. The generic software parts are the Kernel, the Resources, and the ProcessList. This can be seen in gure 6.3. Resources stand for le handles, network connections, and other handles the kernel provides. Details for the ProcessList are specied in section 6.5. sw:hasResource sw:processlist rdfs:range rdfs:domain rdfs:domain rdfs:range sw:Resource sw:Kernel pro:ProcessList Figure 6.3: Software
6.4. USER 45 6.4 User A further obvious element is the User respectively more of them. The essential data for each of them is the Name, a Password, and one or more Groups the User belongs to, as it is visible in gure 6.4. usr:hasGroup usr:name rdfs:range rdfs:domain rdfs:domain rdfs:range rdfs:domain usr:Group usr:User usr:Name usr:password rdfs:range usr:Password Figure 6.4: User 6.5 Process Every program that runs on a system has at least one Process and all of them are listed in the ProcessList. Each of them, except the initial one, has at least one Thread and one parent Process. The Resources from the Kernel, dened in section 6.3, can be used by Processes. The structure can be seen in gure 6.5. It is assumed that the most basic parent process has itself as a parent. 6.6 Network One element in the list of the Hardware is the NIC. It has a Conguration which includes IP, Gateway, and Nameserver. On the other hand there are Connections associated with it. Connections have a local and a remote IP address. For usage the connections have to be wrapped by Sockets. These have a Port and a Protocol and can be referenced as Resources by Processes. This structure can be seen in gure 6.6.
Page 1: Diplomarbeit An Ontology for Digita
Page 4 and 5: Acknowledgement I would like to tha
Page 6 and 7: 4 CONTENTS 5.1.4 Storage . . . . .
Page 8 and 9: 6 CONTENTS
Page 10 and 11: 8 CHAPTER 1. INTRODUCTION data lead
Page 12 and 13: 10 CHAPTER 2. RELATED WORK investig
Page 14 and 15: 12 CHAPTER 3. GOAL FORENSIC SEMANTI
Page 16 and 17: 14 CHAPTER 3. GOAL FORENSIC SEMANTI
Page 18 and 19: 16 CHAPTER 4. FORENSICS Basic rules
Page 20 and 21: 18 CHAPTER 4. FORENSICS 4.1.2.2 Ran
Page 22 and 23: 20 CHAPTER 4. FORENSICS entry conta
Page 24 and 25: 22 CHAPTER 4. FORENSICS 4.2.3.1 Reg
Page 26 and 27: 24 CHAPTER 4. FORENSICS vulnerable
Page 28 and 29: 26 CHAPTER 4. FORENSICS The fls -m
Page 30 and 31: 28 CHAPTER 4. FORENSICS of the sock
Page 32 and 33: 30 CHAPTER 4. FORENSICS
Page 34 and 35: 32 CHAPTER 5. ONTOLOGY Person name
Page 36 and 37: 34 CHAPTER 5. ONTOLOGY 5.1.1 Creati
Page 38 and 39: 36 CHAPTER 5. ONTOLOGY Resource Des
Page 40 and 41: 38 CHAPTER 5. ONTOLOGY to be Augsbu
Page 42 and 43: 40 CHAPTER 5. ONTOLOGY Gephi and Cy
Page 44 and 45: 42 CHAPTER 5. ONTOLOGY
Page 48 and 49: 46 CHAPTER 6. FORENSIC ONTOLOGY pro
Page 50 and 51: 48 CHAPTER 6. FORENSIC ONTOLOGY reg
Page 52 and 53: 50 CHAPTER 6. FORENSIC ONTOLOGY 6.9
Page 54 and 55: 52 CHAPTER 6. FORENSIC ONTOLOGY Par
Page 56 and 57: 54 CHAPTER 6. FORENSIC ONTOLOGY
Page 58 and 59: 56 CHAPTER 7. IMPLEMENTATION 7.3 RD
Page 60 and 61: 58 CHAPTER 7. IMPLEMENTATION the co
Page 62 and 63: 60 CHAPTER 7. IMPLEMENTATION 1 SELE
Page 64 and 65: 62 CHAPTER 7. IMPLEMENTATION Anothe
Page 66 and 67: 64 CHAPTER 7. IMPLEMENTATION 7.8 St
Page 68 and 69: 66 CHAPTER 8. EVALUATION 6. The las
Page 70 and 71: 68 CHAPTER 8. EVALUATION key (CTEMO
Page 72 and 73: 70 CHAPTER 9. SUMMARY after some is
Page 74 and 75: 72 APPENDIX A. EXTRACTION TOOL LIST
Page 76 and 77: 74 APPENDIX A. EXTRACTION TOOL LIST
Page 78 and 79: 76 APPENDIX B. FORENSIC TOOLS OUTPU
Page 80 and 81: 78 APPENDIX C. SCREENSHOTS Figure C
Page 86 and 87: 84 APPENDIX C. SCREENSHOTS
Page 88 and 89: 86 BIBLIOGRAPHY [Carrier, 2012c] Ca
Page 90 and 91: 88 BIBLIOGRAPHY [Microsoft, 2010] M
Page 92: 90 BIBLIOGRAPHY [W3C, 2004] W3C (20

An Ontology for Digital Forensics in IT Security Incidents - OPUS

Create successful ePaper yourself

Delete template?

Save as template?