• DocumentCode
    3658395
  • Title

    Performing an APT Investigation: Using People-Process-Technology-Strategy Model in Digital Triage Forensics

  • Author

    Da-Yu Kao

  • Author_Institution
    Dept. of Inf. Manage., Central Police Univ., Taoyuan, Taiwan
  • Volume
    3
  • fYear
    2015
  • fDate
    7/1/2015 12:00:00 AM
  • Firstpage
    47
  • Lastpage
    52
  • Abstract
    Taiwan has become the frontline in an emerging cyberspace battle. Cyberattacks from different countries have been constantly reported over the past decades. The incident of Advanced Persistent Threat (APT) is analyzed from the golden triangle components (people, process and technology) to ensure the application of digital forensics. This study presents a novel People-Process-Technology-Strategy (PPTS) model by implementing a triage investigative step to identify evidence dynamics in digital data and essential information in auditing logs. The result of this study is expected to improve APT investigation. The investigation scenario of this proposed methodology is illustrated by applying it to some APT incidents in Taiwan.
  • Keywords
    "Computers","Digital forensics","Random access memory","Computer crime","Plugs","Nonvolatile memory"
  • Publisher
    ieee
  • Conference_Titel
    Computer Software and Applications Conference (COMPSAC), 2015 IEEE 39th Annual
  • Electronic_ISBN
    0730-3157
  • Type

    conf

  • DOI
    10.1109/COMPSAC.2015.10
  • Filename
    7273322