An Ontology for Digital Forensics in IT Security Incidents - OPUS
76 APPENDIX B. FORENSIC TOOLS OUTPUT LISTINGS

$EA (224) Size: 0-65536 Flags:
$LOGGED_UTILITY_STREAM (256) Size: 0-65536 Flags: Non-resident

Listing B.1: Output of fsstat from The Sleuth Kit

Virtual    Physical   Name
---------- ---------- ----
0xe18e7a38 0x09433a38 \??\C:\Do..en\Benutzer1\Lok..en\Anw..en\Mi..\Wi..\UsrClass.dat
0xe18e08d8 0x091a38d8 \Dev..e1\Doku..ellungen\Benutzer1\NTUSER.DAT
0xe156ab60 0x068ceb60 \Dev..e1\Doku..ngen\Lo..\Lok..en\Anw..en\Mi..\Wi..\UsrClass.dat
0xe1561ac8 0x068b8ac8 \Dev..e1\Do..en\Lo..\NTUSER.DAT
0xe153d9f0 0x062a89f0 \Dev..e1\Do..en\Net..\Lok..en\Anw..en\Mi..\Wi..\UsrClass.dat
0xe1534b60 0x06213b60 \Dev..e1\Doku..ellungen\NetworkService\NTUSER.DAT
0xe1371218 0x037da218 \Device\HarddiskVolume1\WINDOWS\system32\config\software
0xe1378008 0x04149008 \Device\HarddiskVolume1\WINDOWS\system32\config\SECURITY
0xe1378758 0x04149758 \Device\HarddiskVolume1\WINDOWS\system32\config\default
0xe134ab30 0x03003b30 \Device\HarddiskVolume1\WINDOWS\system32\config\SAM
0xe1254130 0x02269130 [no name]
0xe1018258 0x0202b258 \Device\HarddiskVolume1\WINDOWS\system32\config\system
0xe1007260 0x01feb260 [no name]
0x8068f9bc 0x0068f9bc [no name]

Listing B.2: Output of the hivelist module of Volatility (shortened)
Appendix C: Screenshots

Figure C.1: Neo4J web interface: Interactive graph explorer

77