An Ontology for Digital Forensics in IT Security Incidents - OPUS

More documents

Recommendations

Info

4 CONTENTS 5.1.4 Storage . . . . . . . . . . . . . . . . . . . . . . . . . . 36 5.1.5 SPARQL . . . . . . . . . . . . . . . . . . . . . . . . . 37 5.2 Ontology Tools . . . . . . . . . . . . . . . . . . . . . . . . . . 38 5.2.1 Altova Semantic Works . . . . . . . . . . . . . . . . . 38 5.2.2 Protégé . . . . . . . . . . . . . . . . . . . . . . . . . . 39 5.2.3 Gephi . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 5.2.4 RDF Gravity . . . . . . . . . . . . . . . . . . . . . . . 39 5.2.5 Cytoscape . . . . . . . . . . . . . . . . . . . . . . . . . 39 5.2.6 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . 39 5.2.7 Raptor RDF and GraphViz . . . . . . . . . . . . . . . 40 5.3 Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 5.3.1 Neo4J . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 5.3.2 Sesame . . . . . . . . . . . . . . . . . . . . . . . . . . 40 6 Forensic Ontology 43 6.1 Forensic Object . . . . . . . . . . . . . . . . . . . . . . . . . . 43 6.2 Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 6.3 Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 6.4 User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 6.5 Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 6.6 Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 6.7 Registry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 6.8 File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 6.9 Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 6.10 Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 6.10.1 Hard Disk . . . . . . . . . . . . . . . . . . . . . . . . . 51 6.10.2 Random Access Memory . . . . . . . . . . . . . . . . . 52 6.10.3 Registry . . . . . . . . . . . . . . . . . . . . . . . . . . 53 7 Implementation 55 7.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 7.2 RDFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 7.3 RDF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 7.4 Volatility plugin: hivedump2 . . . . . . . . . . . . . . . . . . 56 7.5 Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 7.6 SPARQL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 7.6.1 Find File . . . . . . . . . . . . . . . . . . . . . . . . . 58 7.6.2 Autorun . . . . . . . . . . . . . . . . . . . . . . . . . . 60 7.6.3 Parent Process . . . . . . . . . . . . . . . . . . . . . . 60 7.7 Adding additional data: Log les . . . . . . . . . . . . . . . . 63 7.8 Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
CONTENTS 5 8 Evaluation 65 8.1 Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 8.2 SPARQL Queries . . . . . . . . . . . . . . . . . . . . . . . . . 66 8.2.1 Find le . . . . . . . . . . . . . . . . . . . . . . . . . . 66 8.2.2 Autorun . . . . . . . . . . . . . . . . . . . . . . . . . . 66 8.2.3 Network . . . . . . . . . . . . . . . . . . . . . . . . . . 66 8.2.4 Parent Process . . . . . . . . . . . . . . . . . . . . . . 66 8.2.5 Resources . . . . . . . . . . . . . . . . . . . . . . . . . 66 8.3 Case 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 8.4 Case 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 8.5 Case 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 8.6 Case 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 9 Summary 69 A Extraction tool listings 71 B Forensic tools output listings 75 C Screenshots 77 Bibliography 84
Page 1: Diplomarbeit An Ontology for Digita
Page 4 and 5: Acknowledgement I would like to tha
Page 8 and 9: 6 CONTENTS
Page 10 and 11: 8 CHAPTER 1. INTRODUCTION data lead
Page 12 and 13: 10 CHAPTER 2. RELATED WORK investig
Page 14 and 15: 12 CHAPTER 3. GOAL FORENSIC SEMANTI
Page 16 and 17: 14 CHAPTER 3. GOAL FORENSIC SEMANTI
Page 18 and 19: 16 CHAPTER 4. FORENSICS Basic rules
Page 20 and 21: 18 CHAPTER 4. FORENSICS 4.1.2.2 Ran
Page 22 and 23: 20 CHAPTER 4. FORENSICS entry conta
Page 24 and 25: 22 CHAPTER 4. FORENSICS 4.2.3.1 Reg
Page 26 and 27: 24 CHAPTER 4. FORENSICS vulnerable
Page 28 and 29: 26 CHAPTER 4. FORENSICS The fls -m
Page 30 and 31: 28 CHAPTER 4. FORENSICS of the sock
Page 32 and 33: 30 CHAPTER 4. FORENSICS
Page 34 and 35: 32 CHAPTER 5. ONTOLOGY Person name
Page 36 and 37: 34 CHAPTER 5. ONTOLOGY 5.1.1 Creati
Page 38 and 39: 36 CHAPTER 5. ONTOLOGY Resource Des
Page 40 and 41: 38 CHAPTER 5. ONTOLOGY to be Augsbu
Page 42 and 43: 40 CHAPTER 5. ONTOLOGY Gephi and Cy
Page 44 and 45: 42 CHAPTER 5. ONTOLOGY
Page 46 and 47: 44 CHAPTER 6. FORENSIC ONTOLOGY for
Page 48 and 49: 46 CHAPTER 6. FORENSIC ONTOLOGY pro
Page 50 and 51: 48 CHAPTER 6. FORENSIC ONTOLOGY reg
Page 52 and 53: 50 CHAPTER 6. FORENSIC ONTOLOGY 6.9
Page 54 and 55: 52 CHAPTER 6. FORENSIC ONTOLOGY Par
Page 56 and 57:
54 CHAPTER 6. FORENSIC ONTOLOGY
Page 58 and 59:
56 CHAPTER 7. IMPLEMENTATION 7.3 RD
Page 60 and 61:
58 CHAPTER 7. IMPLEMENTATION the co
Page 62 and 63:
60 CHAPTER 7. IMPLEMENTATION 1 SELE
Page 64 and 65:
62 CHAPTER 7. IMPLEMENTATION Anothe
Page 66 and 67:
64 CHAPTER 7. IMPLEMENTATION 7.8 St
Page 68 and 69:
66 CHAPTER 8. EVALUATION 6. The las
Page 70 and 71:
68 CHAPTER 8. EVALUATION key (CTEMO
Page 72 and 73:
70 CHAPTER 9. SUMMARY after some is
Page 74 and 75:
72 APPENDIX A. EXTRACTION TOOL LIST
Page 76 and 77:
74 APPENDIX A. EXTRACTION TOOL LIST
Page 78 and 79:
76 APPENDIX B. FORENSIC TOOLS OUTPU
Page 80 and 81:
78 APPENDIX C. SCREENSHOTS Figure C
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
84 APPENDIX C. SCREENSHOTS
Page 88 and 89:
86 BIBLIOGRAPHY [Carrier, 2012c] Ca
Page 90 and 91:
88 BIBLIOGRAPHY [Microsoft, 2010] M
Page 92:
90 BIBLIOGRAPHY [W3C, 2004] W3C (20
show all

An Ontology for Digital Forensics in IT Security Incidents - OPUS

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?