On-site investigation methodology for incident response in Windows environments

Keungi Lee; Changhoon Lee; Sangjin Lee

doi:10.1016/j.camwa.2012.01.029

On-site investigation methodology for incident response in Windows environments

Keungi Lee
, Changhoon Lee
, Sangjin Lee

Dept. of Computer Science and Engineering

Korea University

Research output: Contribution to journal › Article › peer-review

Abstract

In recent years, various computers have been compromised through several paths. In particular, the attack patterns and paths are becoming more various than in the past. Furthermore, systems damaged by hackers are used as zombie systems to attack other web servers or personal computers, so there is a high probability to spread secondary damage such as DDoS. Also, previously, hacking and malicious code were carried out for self-display or simple curiosity, but recently they are related to monetary extortion. In order to respond to incidents correctly, it is important to measure the damage to a system rapidly and determine the attack paths. This paper will discuss an on-site investigation methodology for incident response and also describe the limitations of this methodology.

Original language	English
Pages (from-to)	1413-1420
Number of pages	8
Journal	Computers and Mathematics with Applications
Volume	65
Issue number	9
DOIs	https://doi.org/10.1016/j.camwa.2012.01.029
State	Published - May 2013

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 16 Peace, Justice and Strong Institutions

Keywords

Digital forensics
Live forensics
On-site investigation
Rapid investigation

Access to Document

10.1016/j.camwa.2012.01.029

Cite this

@article{91847fc354c345dba3f55ecd9cfd5584,

title = "On-site investigation methodology for incident response in Windows environments",

abstract = "In recent years, various computers have been compromised through several paths. In particular, the attack patterns and paths are becoming more various than in the past. Furthermore, systems damaged by hackers are used as zombie systems to attack other web servers or personal computers, so there is a high probability to spread secondary damage such as DDoS. Also, previously, hacking and malicious code were carried out for self-display or simple curiosity, but recently they are related to monetary extortion. In order to respond to incidents correctly, it is important to measure the damage to a system rapidly and determine the attack paths. This paper will discuss an on-site investigation methodology for incident response and also describe the limitations of this methodology.",

keywords = "Digital forensics, Live forensics, On-site investigation, Rapid investigation",

author = "Keungi Lee and Changhoon Lee and Sangjin Lee",

year = "2013",

month = may,

doi = "10.1016/j.camwa.2012.01.029",

language = "English",

volume = "65",

pages = "1413--1420",

journal = "Computers and Mathematics with Applications",

issn = "0898-1221",

number = "9",

}

TY - JOUR

T1 - On-site investigation methodology for incident response in Windows environments

AU - Lee, Keungi

AU - Lee, Changhoon

AU - Lee, Sangjin

PY - 2013/5

Y1 - 2013/5

N2 - In recent years, various computers have been compromised through several paths. In particular, the attack patterns and paths are becoming more various than in the past. Furthermore, systems damaged by hackers are used as zombie systems to attack other web servers or personal computers, so there is a high probability to spread secondary damage such as DDoS. Also, previously, hacking and malicious code were carried out for self-display or simple curiosity, but recently they are related to monetary extortion. In order to respond to incidents correctly, it is important to measure the damage to a system rapidly and determine the attack paths. This paper will discuss an on-site investigation methodology for incident response and also describe the limitations of this methodology.

AB - In recent years, various computers have been compromised through several paths. In particular, the attack patterns and paths are becoming more various than in the past. Furthermore, systems damaged by hackers are used as zombie systems to attack other web servers or personal computers, so there is a high probability to spread secondary damage such as DDoS. Also, previously, hacking and malicious code were carried out for self-display or simple curiosity, but recently they are related to monetary extortion. In order to respond to incidents correctly, it is important to measure the damage to a system rapidly and determine the attack paths. This paper will discuss an on-site investigation methodology for incident response and also describe the limitations of this methodology.

KW - Digital forensics

KW - Live forensics

KW - On-site investigation

KW - Rapid investigation

UR - https://www.scopus.com/pages/publications/84877751992

U2 - 10.1016/j.camwa.2012.01.029

DO - 10.1016/j.camwa.2012.01.029

M3 - Article

AN - SCOPUS:84877751992

SN - 0898-1221

VL - 65

SP - 1413

EP - 1420

JO - Computers and Mathematics with Applications

JF - Computers and Mathematics with Applications

IS - 9

ER -

On-site investigation methodology for incident response in Windows environments

Abstract

UN SDGs

Keywords

Access to Document

Other files and links

Fingerprint

Cite this