On-site investigation methodology for incident response in Windows environments

Keungi Lee, Changhoon Lee, Sangjin Lee

Research output: Contribution to journal › Article

Abstract

In recent years, various computers have been compromised through several paths. In particular, the attack patterns and paths are becoming more varied than in the past. Furthermore, systems damaged by hackers are used as zombie systems to attack other web servers or personal computers, so there is a high probability of spreading secondary damage such as DDoS. Also, hacking and malicious code were previously carried out for self-display or simple curiosity, but recently they have been related to monetary extortion. In order to respond to incidents correctly, it is important to measure the damage to a system rapidly and determine the attack paths. This paper will discuss an on-site investigation methodology for incident response and also describe the limitations of this methodology.

Original language: English
Pages (from-to): 1413-1420
Number of pages: 8
Journal: Computers and Mathematics with Applications
Volume: 65
Issue number: 9
DOI: 10.1016/j.camwa.2012.01.029
Publication status: Published - 2013 May 1

Keywords

  • Digital forensics
  • Live forensics
  • On-site investigation
  • Rapid investigation

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Modelling and Simulation
  • Computational Mathematics

Cite this

On-site investigation methodology for incident response in Windows environments. / Lee, Keungi; Lee, Changhoon; Lee, Sangjin.

In: Computers and Mathematics with Applications, Vol. 65, No. 9, 01.05.2013, p. 1413-1420.

Research output: Contribution to journal › Article

@article{1d885603708b4b51a1104740ad83e4cd,
title = "On-site investigation methodology for incident response in Windows environments",
abstract = "In recent years, various computers have been compromised through several paths. In particular, the attack patterns and paths are becoming more varied than in the past. Furthermore, systems damaged by hackers are used as zombie systems to attack other web servers or personal computers, so there is a high probability of spreading secondary damage such as DDoS. Also, hacking and malicious code were previously carried out for self-display or simple curiosity, but recently they have been related to monetary extortion. In order to respond to incidents correctly, it is important to measure the damage to a system rapidly and determine the attack paths. This paper will discuss an on-site investigation methodology for incident response and also describe the limitations of this methodology.",
keywords = "Digital forensics, Live forensics, On-site investigation, Rapid investigation",
author = "Keungi Lee and Changhoon Lee and Sangjin Lee",
year = "2013",
month = "5",
day = "1",
doi = "10.1016/j.camwa.2012.01.029",
language = "English",
volume = "65",
pages = "1413--1420",
journal = "Computers and Mathematics with Applications",
issn = "0898-1221",
publisher = "Elsevier Limited",
number = "9",

}

TY - JOUR

T1 - On-site investigation methodology for incident response in Windows environments

AU - Lee, Keungi

AU - Lee, Changhoon

AU - Lee, Sangjin

PY - 2013/5/1

Y1 - 2013/5/1

N2 - In recent years, various computers have been compromised through several paths. In particular, the attack patterns and paths are becoming more varied than in the past. Furthermore, systems damaged by hackers are used as zombie systems to attack other web servers or personal computers, so there is a high probability of spreading secondary damage such as DDoS. Also, hacking and malicious code were previously carried out for self-display or simple curiosity, but recently they have been related to monetary extortion. In order to respond to incidents correctly, it is important to measure the damage to a system rapidly and determine the attack paths. This paper will discuss an on-site investigation methodology for incident response and also describe the limitations of this methodology.

AB - In recent years, various computers have been compromised through several paths. In particular, the attack patterns and paths are becoming more varied than in the past. Furthermore, systems damaged by hackers are used as zombie systems to attack other web servers or personal computers, so there is a high probability of spreading secondary damage such as DDoS. Also, hacking and malicious code were previously carried out for self-display or simple curiosity, but recently they have been related to monetary extortion. In order to respond to incidents correctly, it is important to measure the damage to a system rapidly and determine the attack paths. This paper will discuss an on-site investigation methodology for incident response and also describe the limitations of this methodology.

KW - Digital forensics

KW - Live forensics

KW - On-site investigation

KW - Rapid investigation

UR - http://www.scopus.com/inward/record.url?scp=84877751992&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84877751992&partnerID=8YFLogxK

U2 - 10.1016/j.camwa.2012.01.029

DO - 10.1016/j.camwa.2012.01.029

M3 - Article

AN - SCOPUS:84877751992

VL - 65

SP - 1413

EP - 1420

JO - Computers and Mathematics with Applications

JF - Computers and Mathematics with Applications

SN - 0898-1221

IS - 9

ER -