On-site investigation methodology for incident response in Windows environments

Keungi Lee, Changhoon Lee, Sangjin Lee

Research output: Contribution to journalArticle

Abstract

In recent years, various computers have been compromised through several paths. In particular, the attack patterns and paths are becoming more various than in the past. Furthermore, systems damaged by hackers are used as zombie systems to attack other web servers or personal computers, so there is a high probability to spread secondary damage such as DDoS. Also, previously, hacking and malicious code were carried out for self-display or simple curiosity, but recently they are related to monetary extortion. In order to respond to incidents correctly, it is important to measure the damage to a system rapidly and determine the attack paths. This paper will discuss an on-site investigation methodology for incident response and also describe the limitations of this methodology.

Original languageEnglish
Pages (from-to)1413-1420
Number of pages8
JournalComputers and Mathematics with Applications
Volume65
Issue number9
DOIs
Publication statusPublished - 2013 May

Keywords

  • Digital forensics
  • Live forensics
  • On-site investigation
  • Rapid investigation

ASJC Scopus subject areas

  • Modelling and Simulation
  • Computational Theory and Mathematics
  • Computational Mathematics

Fingerprint Dive into the research topics of 'On-site investigation methodology for incident response in Windows environments'. Together they form a unique fingerprint.

  • Cite this