Title :
From the Computer Incident Taxonomy to a Computer Forensic Examination Taxonomy
Author :
Altschaffel, Robert ; Kiltz, Stefan ; Dittmann, Jana
Author_Institution :
Otto-von-Guericke Univ., Magdeburg, Germany
Abstract :
Forensic investigations are usually conducted to solve crimes committed using IT systems as pertetrator and/or victim. However, depending on the size of IT system, also nonmalicious incidents can be investigated using the same, methodological and proven techniques. Based upon the principles contained in the well known computer incident taxonomy, this paper proposes the establishment a common language for the description of computer forensic examinations, both in malicious and nonmalicious incidents. Additionally this taxonomy helps performing a forensic examination in establishing answers to a set of well defined questions during such an examination. The usefulness of the proposed forensic examination taxonomy is shown using a malicious and a nonmalicious example.
Keywords :
forensic science; security of data; IT system; computer forensic examination taxonomy; computer incident taxonomy; crimes solving; forensic investigation; nonmalicious incident; pertetrator; victim; Computer crime; Computer security; Conference management; Data analysis; Documentation; Failure analysis; Forensics; Law enforcement; Taxonomy; IT-forensics; computer security; taxonomy;
Conference_Titel :
IT Security Incident Management and IT Forensics, 2009. IMF '09. Fifth International Conference on
Conference_Location :
Stuttgart
Print_ISBN :
978-0-7695-3807-5
DOI :
10.1109/IMF.2009.17
