Preparing for the Next Wikileaks: Making Forensics Techniques Work

Author

Erbacher, Robert F.

Author_Institution

Northwest Security Inst., Redmond, WA, USA

fYear

2011

fDate

26-26 May 2011

Firstpage

1

Lastpage

8

Abstract

The success of Manning in acquiring and releasing US State Department cables provides strong implications for the likelihood of similar insider threat attacks occurring again in the future. Such future attacks will likely employ more sophisticated methodologies. The first goal of this paper is to begin examining what such sophisticated insider threat attacks might include. Traditionally, organizations have avoided employing insider threat detection mechanisms due to the high rate of false positives and false negatives. This is a consequence of the chaotic nature and sheer volume of data needing analysis. A second goal of this paper is to begin proposing mechanism by which insider threat detection can be made feasible, especially in critical domains. More specifically this paper proposes multiple layers of event detection which when correlated over time will provide identification of significant irregularities requiring investigation.

Keywords

computer forensics; data analysis; Manning; US State Department cable; Wikileaks; data analysis; event detection; false negative rate; false positive rate; forensics technique; insider threat attack; insider threat detection mechanism; irregularity identification; Correlation; Data visualization; Drives; Forensics; Government; Intrusion detection; Computer Crime; Forensics; Insider Threat; Intrusion Detection; Law Enforcement;

fLanguage

English

Publisher

ieee

Conference_Titel

Systematic Approaches to Digital Forensic Engineering (SADFE), 2011 IEEE Sixth International Workshop on

Conference_Location

Oakland, CA

Print_ISBN

978-1-4673-1242-4

Type

conf

DOI

10.1109/SADFE.2011.14

Filename

6159111