• DocumentCode
    1642108
  • Title

    From the Computer Incident Taxonomy to a Computer Forensic Examination Taxonomy

  • Author

    Altschaffel, Robert ; Kiltz, Stefan ; Dittmann, Jana

  • Author_Institution
    Otto-von-Guericke Univ., Magdeburg, Germany
  • fYear
    2009
  • Firstpage
    54
  • Lastpage
    68
  • Abstract
    Forensic investigations are usually conducted to solve crimes committed using IT systems as pertetrator and/or victim. However, depending on the size of IT system, also nonmalicious incidents can be investigated using the same, methodological and proven techniques. Based upon the principles contained in the well known computer incident taxonomy, this paper proposes the establishment a common language for the description of computer forensic examinations, both in malicious and nonmalicious incidents. Additionally this taxonomy helps performing a forensic examination in establishing answers to a set of well defined questions during such an examination. The usefulness of the proposed forensic examination taxonomy is shown using a malicious and a nonmalicious example.
  • Keywords
    forensic science; security of data; IT system; computer forensic examination taxonomy; computer incident taxonomy; crimes solving; forensic investigation; nonmalicious incident; pertetrator; victim; Computer crime; Computer security; Conference management; Data analysis; Documentation; Failure analysis; Forensics; Law enforcement; Taxonomy; IT-forensics; computer security; taxonomy;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    IT Security Incident Management and IT Forensics, 2009. IMF '09. Fifth International Conference on
  • Conference_Location
    Stuttgart
  • Print_ISBN
    978-0-7695-3807-5
  • Type

    conf

  • DOI
    10.1109/IMF.2009.17
  • Filename
    5277851
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1642108