Applying a stepwise forensic approach to incident response and computer usage analysis

Kyung Soo Lim, Seung Bong Lee, Sangjin Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Citations (Scopus)

Abstract

While traditional digital investigation is limited to cyber crimes, now it is an essential procedure on most of civil and criminal case. With the proliferation of the digital investigation in this situation, the need for the timely identification, analysis and interpretation of digital evidence is becoming more crucial. The general method of investigating the suspect's computer is laborious, time-consuming, complicated tasks and requires specialty on the part of forensic experts. In particular cases, such as child abduction, missing or exploited persons, time is of the essence and rapid incident response is necessary. But the increase in capacity of storage media made this method to take much longer time. Therefore, we need new process model to collect crucial evidence quickly and investigate these cases rapidly. The Stepwise Forensic Process Model (SFPM) provides stepwise and in-situ approach for providing incident identification, acquisition, analysis. The SFPM suggest a new investigational model for selecting the target and analyzing the relevant evidences only.

Original languageEnglish
Title of host publicationProceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009
DOIs
Publication statusPublished - 2009 Dec 1
Event2009 2nd International Conference on Computer Science and Its Applications, CSA 2009 - Jeju Island, Korea, Republic of
Duration: 2009 Dec 102009 Dec 12

Other

Other2009 2nd International Conference on Computer Science and Its Applications, CSA 2009
CountryKorea, Republic of
CityJeju Island
Period09/12/1009/12/12

Fingerprint

Crime
Identification (control systems)

Keywords

  • Digital forensics
  • Forensic process model
  • Incident response

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Computer Science Applications

Cite this

Lim, K. S., Lee, S. B., & Lee, S. (2009). Applying a stepwise forensic approach to incident response and computer usage analysis. In Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009 [5404204] https://doi.org/10.1109/CSA.2009.5404204

Applying a stepwise forensic approach to incident response and computer usage analysis. / Lim, Kyung Soo; Lee, Seung Bong; Lee, Sangjin.

Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009. 2009. 5404204.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Lim, KS, Lee, SB & Lee, S 2009, Applying a stepwise forensic approach to incident response and computer usage analysis. in Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009., 5404204, 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009, Jeju Island, Korea, Republic of, 09/12/10. https://doi.org/10.1109/CSA.2009.5404204
Lim KS, Lee SB, Lee S. Applying a stepwise forensic approach to incident response and computer usage analysis. In Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009. 2009. 5404204 https://doi.org/10.1109/CSA.2009.5404204
Lim, Kyung Soo ; Lee, Seung Bong ; Lee, Sangjin. / Applying a stepwise forensic approach to incident response and computer usage analysis. Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009. 2009.
@inproceedings{5c67654bd2a848ba9d4be930fecd6d1e,
title = "Applying a stepwise forensic approach to incident response and computer usage analysis",
abstract = "While traditional digital investigation is limited to cyber crimes, now it is an essential procedure on most of civil and criminal case. With the proliferation of the digital investigation in this situation, the need for the timely identification, analysis and interpretation of digital evidence is becoming more crucial. The general method of investigating the suspect's computer is laborious, time-consuming, complicated tasks and requires specialty on the part of forensic experts. In particular cases, such as child abduction, missing or exploited persons, time is of the essence and rapid incident response is necessary. But the increase in capacity of storage media made this method to take much longer time. Therefore, we need new process model to collect crucial evidence quickly and investigate these cases rapidly. The Stepwise Forensic Process Model (SFPM) provides stepwise and in-situ approach for providing incident identification, acquisition, analysis. The SFPM suggest a new investigational model for selecting the target and analyzing the relevant evidences only.",
keywords = "Digital forensics, Forensic process model, Incident response",
author = "Lim, {Kyung Soo} and Lee, {Seung Bong} and Sangjin Lee",
year = "2009",
month = "12",
day = "1",
doi = "10.1109/CSA.2009.5404204",
language = "English",
isbn = "9781424449460",
booktitle = "Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009",

}

TY - GEN

T1 - Applying a stepwise forensic approach to incident response and computer usage analysis

AU - Lim, Kyung Soo

AU - Lee, Seung Bong

AU - Lee, Sangjin

PY - 2009/12/1

Y1 - 2009/12/1

N2 - While traditional digital investigation is limited to cyber crimes, now it is an essential procedure on most of civil and criminal case. With the proliferation of the digital investigation in this situation, the need for the timely identification, analysis and interpretation of digital evidence is becoming more crucial. The general method of investigating the suspect's computer is laborious, time-consuming, complicated tasks and requires specialty on the part of forensic experts. In particular cases, such as child abduction, missing or exploited persons, time is of the essence and rapid incident response is necessary. But the increase in capacity of storage media made this method to take much longer time. Therefore, we need new process model to collect crucial evidence quickly and investigate these cases rapidly. The Stepwise Forensic Process Model (SFPM) provides stepwise and in-situ approach for providing incident identification, acquisition, analysis. The SFPM suggest a new investigational model for selecting the target and analyzing the relevant evidences only.

AB - While traditional digital investigation is limited to cyber crimes, now it is an essential procedure on most of civil and criminal case. With the proliferation of the digital investigation in this situation, the need for the timely identification, analysis and interpretation of digital evidence is becoming more crucial. The general method of investigating the suspect's computer is laborious, time-consuming, complicated tasks and requires specialty on the part of forensic experts. In particular cases, such as child abduction, missing or exploited persons, time is of the essence and rapid incident response is necessary. But the increase in capacity of storage media made this method to take much longer time. Therefore, we need new process model to collect crucial evidence quickly and investigate these cases rapidly. The Stepwise Forensic Process Model (SFPM) provides stepwise and in-situ approach for providing incident identification, acquisition, analysis. The SFPM suggest a new investigational model for selecting the target and analyzing the relevant evidences only.

KW - Digital forensics

KW - Forensic process model

KW - Incident response

UR - http://www.scopus.com/inward/record.url?scp=80655134675&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80655134675&partnerID=8YFLogxK

U2 - 10.1109/CSA.2009.5404204

DO - 10.1109/CSA.2009.5404204

M3 - Conference contribution

SN - 9781424449460

BT - Proceedings of the 2009 2nd International Conference on Computer Science and Its Applications, CSA 2009

ER -