An Ontology for Digital Forensics in IT Security Incidents - OPUS
An Ontology for Digital Forensics in IT Security Incidents - OPUS An Ontology for Digital Forensics in IT Security Incidents - OPUS
74 APPENDIX A. EXTRACTION TOOL LISTINGS
Appendix B Forensic tools output listings FILE SYSTEM INFORMATION -------------------------------------------- File System Type : NTFS Volume Serial Number : BE8CB9D38CB98685 OEM Name : NTFS Version : Windows XP METADATA INFORMATION -------------------------------------------- First Cluster of MFT : 786432 First Cluster of MFT Mirror : 1309293 Size of MFT Entries : 1024 bytes Size of Index Records : 4096 bytes Range : 0 - 10576 Root Directory : 5 CONTENT INFORMATION -------------------------------------------- Sector Size : 512 Cluster Size : 4096 Total Cluster Range : 0 - 2618586 Total Sector Range : 0 - 20948695 $AttrDef Attribute Values : $STANDARD_INFORMATION (16) Size : 48 -72 Flags : Resident $ATTRIBUTE_LIST (32) Size : No Limit Flags : Non - resident $FILE_NAME (48) Size : 68 -578 Flags : Resident , Index $OBJECT_ID (64) Size : 0 -256 Flags : Resident $SECURITY_DESCRIPTOR (80) Size : No Limit Flags : Non - resident $VOLUME_NAME (96) Size : 2 -256 Flags : Resident $VOLUME_INFORMATION (112) Size : 12 -12 Flags : Resident $DATA (128) Size : No Limit Flags : $INDEX_ROOT (144) Size : No Limit Flags : Resident $INDEX_ALLOCATION (160) Size : No Limit Flags : Non - resident $BITMAP (176) Size : No Limit Flags : Non - resident $REPARSE_POINT (192) Size : 0 -16384 Flags : Non - resident $EA_INFORMATION (208) Size : 8 -8 Flags : Resident 75
- Page 26 and 27: 24 CHAPTER 4. FORENSICS vulnerable
- Page 28 and 29: 26 CHAPTER 4. FORENSICS The fls -m
- Page 30 and 31: 28 CHAPTER 4. FORENSICS of the sock
- Page 32 and 33: 30 CHAPTER 4. FORENSICS
- Page 34 and 35: 32 CHAPTER 5. ONTOLOGY Person name
- Page 36 and 37: 34 CHAPTER 5. ONTOLOGY 5.1.1 Creati
- Page 38 and 39: 36 CHAPTER 5. ONTOLOGY Resource Des
- Page 40 and 41: 38 CHAPTER 5. ONTOLOGY to be Augsbu
- Page 42 and 43: 40 CHAPTER 5. ONTOLOGY Gephi and Cy
- Page 44 and 45: 42 CHAPTER 5. ONTOLOGY
- Page 46 and 47: 44 CHAPTER 6. FORENSIC ONTOLOGY for
- Page 48 and 49: 46 CHAPTER 6. FORENSIC ONTOLOGY pro
- Page 50 and 51: 48 CHAPTER 6. FORENSIC ONTOLOGY reg
- Page 52 and 53: 50 CHAPTER 6. FORENSIC ONTOLOGY 6.9
- Page 54 and 55: 52 CHAPTER 6. FORENSIC ONTOLOGY Par
- Page 56 and 57: 54 CHAPTER 6. FORENSIC ONTOLOGY
- Page 58 and 59: 56 CHAPTER 7. IMPLEMENTATION 7.3 RD
- Page 60 and 61: 58 CHAPTER 7. IMPLEMENTATION the co
- Page 62 and 63: 60 CHAPTER 7. IMPLEMENTATION 1 SELE
- Page 64 and 65: 62 CHAPTER 7. IMPLEMENTATION Anothe
- Page 66 and 67: 64 CHAPTER 7. IMPLEMENTATION 7.8 St
- Page 68 and 69: 66 CHAPTER 8. EVALUATION 6. The las
- Page 70 and 71: 68 CHAPTER 8. EVALUATION key (CTEMO
- Page 72 and 73: 70 CHAPTER 9. SUMMARY after some is
- Page 74 and 75: 72 APPENDIX A. EXTRACTION TOOL LIST
- Page 78 and 79: 76 APPENDIX B. FORENSIC TOOLS OUTPU
- Page 80 and 81: 78 APPENDIX C. SCREENSHOTS Figure C
- Page 82 and 83: 80 APPENDIX C. SCREENSHOTS Figure C
- Page 84 and 85: 82 APPENDIX C. SCREENSHOTS Figure C
- Page 86 and 87: 84 APPENDIX C. SCREENSHOTS
- Page 88 and 89: 86 BIBLIOGRAPHY [Carrier, 2012c] Ca
- Page 90 and 91: 88 BIBLIOGRAPHY [Microsoft, 2010] M
- Page 92: 90 BIBLIOGRAPHY [W3C, 2004] W3C (20
74 APPENDIX A. EXTRACTION TOOL LISTINGS