DocumentCode
2817120
Title
Towards proactive computer-system forensics
Author
Bradford, Phillip G. ; Brown, Marcus ; Perdue, Josh ; Self, Bonnie
Author_Institution
Dept. of Comput. Sci., Alabama Univ., Tuscaloosa, AL, USA
Volume
2
fYear
2004
fDate
5-7 April 2004
Firstpage
648
Abstract
We examine principles and approaches for proactive computer-system forensics. Proactive computer-system forensics is the design, construction and configuring of systems to make them most amenable to digital forensics analyses in the future. The primary goals of proactive computer-system forensics are system structuring and augmentation for automated data discovery, lead formation, and efficient data preservation. We propose: (1) using the Neyman-Pearson Lemma to proactively build online forensics tests with the best possible critical regions for hypothesis testing, and (2) using classical stopping rules for sequential hypothesis testing to determine which users are deviating from standard usage behavior and should be the focus of more investigative resources. Here the focus is on security breaches by the employees or stakeholders of an organization. The main measurements are event-driven logs of program executions.
Keywords
business communication; computer crime; data mining; personnel; statistical analysis; Neyman-Pearson Lemma; augmentation; automated data discovery; classical stopping rules; data preservation; event-driven log; lead formation; online forensics test; proactive computer-system forensics; program execution; security breaches; sequential hypothesis testing; system structuring; Computer crime; Computer science; Computer security; Data mining; Data security; Digital forensics; Intrusion detection; Personnel; Programming profession; Sequential analysis;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004. International Conference on
Print_ISBN
0-7695-2108-8
Type
conf
DOI
10.1109/ITCC.2004.1286727
Filename
1286727