An Ontology for Digital Forensics in IT Security Incidents - OPUS

More documents

Recommendations

Info

64 CHAPTER 7. IMPLEMENTATION 7.8 Statistics • The ontology contains 55 classes and 58 properties. • The program that asks for the necessary information, executes the forensic programs, converts the output, stores the converted output in the selected database and allows to query the database consists of 4470 lines of Java code. • The input data was 10 GB hard disk and 256 MB random access memory. • The extracted data, split up to several RDF les, has a size of around 460 MB for each case. • The extraction process takes around two hours on a Intel Core i7 CPU Q 820 with 1.73GHz. • The Sesame database for each case has a size of around 700 MB.
Chapter 8 Evaluation This chapter shows the eectiveness and eciency of the developed procedure by applying it to four cases. The cases consist of real malware samples that are run on a test system and analysed later. 8.1 Procedure A VirtualBox[Oracle, 2012] virtual machine with Windows XP SP3 was installed and a snapshot was taken at the rst start. The virtual machine has 10 GB hard disk space and 256 MB random access memory. VirtualBox is started with --dbg --startvm parameters to be able to use the debug console. For each malware sample the following steps were taken: 1. At rst the malware was inserted with a virtual CD, started and allowed to run for a while. Depending on the malware, the system was restarted to nd traces that make the malware run at every start of the operating system. 2. Next the system was paused. 3. To extract the hard disk, the command VBoxManage clonehd --format RAW was used from a command line. 4. To extract the random access memory, the command . pgmphystofile was executed in the debug console that can be started by the Command line... button in the Debug menu. 5. For the next step, the developed program was started to extract the information from the snapshots and put it into the database. As explained in section 7.8, this step took around two hours. 65
Page 1:
Diplomarbeit An Ontology for Digita
Page 4 and 5:
Acknowledgement I would like to tha
Page 6 and 7:
4 CONTENTS 5.1.4 Storage . . . . .
Page 8 and 9:
6 CONTENTS
Page 10 and 11:
8 CHAPTER 1. INTRODUCTION data lead
Page 12 and 13:
10 CHAPTER 2. RELATED WORK investig
Page 14 and 15:
12 CHAPTER 3. GOAL FORENSIC SEMANTI
Page 16 and 17: 14 CHAPTER 3. GOAL FORENSIC SEMANTI
Page 18 and 19: 16 CHAPTER 4. FORENSICS Basic rules
Page 20 and 21: 18 CHAPTER 4. FORENSICS 4.1.2.2 Ran
Page 22 and 23: 20 CHAPTER 4. FORENSICS entry conta
Page 24 and 25: 22 CHAPTER 4. FORENSICS 4.2.3.1 Reg
Page 26 and 27: 24 CHAPTER 4. FORENSICS vulnerable
Page 28 and 29: 26 CHAPTER 4. FORENSICS The fls -m
Page 30 and 31: 28 CHAPTER 4. FORENSICS of the sock
Page 32 and 33: 30 CHAPTER 4. FORENSICS
Page 34 and 35: 32 CHAPTER 5. ONTOLOGY Person name
Page 36 and 37: 34 CHAPTER 5. ONTOLOGY 5.1.1 Creati
Page 38 and 39: 36 CHAPTER 5. ONTOLOGY Resource Des
Page 40 and 41: 38 CHAPTER 5. ONTOLOGY to be Augsbu
Page 42 and 43: 40 CHAPTER 5. ONTOLOGY Gephi and Cy
Page 44 and 45: 42 CHAPTER 5. ONTOLOGY
Page 46 and 47: 44 CHAPTER 6. FORENSIC ONTOLOGY for
Page 48 and 49: 46 CHAPTER 6. FORENSIC ONTOLOGY pro
Page 50 and 51: 48 CHAPTER 6. FORENSIC ONTOLOGY reg
Page 52 and 53: 50 CHAPTER 6. FORENSIC ONTOLOGY 6.9
Page 54 and 55: 52 CHAPTER 6. FORENSIC ONTOLOGY Par
Page 56 and 57: 54 CHAPTER 6. FORENSIC ONTOLOGY
Page 58 and 59: 56 CHAPTER 7. IMPLEMENTATION 7.3 RD
Page 60 and 61: 58 CHAPTER 7. IMPLEMENTATION the co
Page 62 and 63: 60 CHAPTER 7. IMPLEMENTATION 1 SELE
Page 64 and 65: 62 CHAPTER 7. IMPLEMENTATION Anothe
Page 68 and 69: 66 CHAPTER 8. EVALUATION 6. The las
Page 70 and 71: 68 CHAPTER 8. EVALUATION key (CTEMO
Page 72 and 73: 70 CHAPTER 9. SUMMARY after some is
Page 74 and 75: 72 APPENDIX A. EXTRACTION TOOL LIST
Page 76 and 77: 74 APPENDIX A. EXTRACTION TOOL LIST
Page 78 and 79: 76 APPENDIX B. FORENSIC TOOLS OUTPU
Page 80 and 81: 78 APPENDIX C. SCREENSHOTS Figure C
Page 86 and 87: 84 APPENDIX C. SCREENSHOTS
Page 88 and 89: 86 BIBLIOGRAPHY [Carrier, 2012c] Ca
Page 90 and 91: 88 BIBLIOGRAPHY [Microsoft, 2010] M
Page 92: 90 BIBLIOGRAPHY [W3C, 2004] W3C (20
show all

An Ontology for Digital Forensics in IT Security Incidents - OPUS

Create successful ePaper yourself

Delete template?

Save as template?