Computational Documentation of IT Incidents as Support for Forensic Operations
Published in: | 2011 Sixth International Conference on IT Security Incident Management and IT Forensics pp. 37 - 47 |
---|---|
Main Authors: | , |
Format: | Conference Proceeding |
Language: | English |
Published: | IEEE 01-05-2011 |
Subjects: | |
Summary: | This paper describes the development and prototypic implementation of a documentation system for IT incidents. A survey was conducted in order to obtain information on the current needs and likes of stakeholders involved in IT security. The outcome of this survey was used to create a documentation approach, based on best practices, which is able to create contexts between information assets over long periods of time. Additionally, a prototype of this approach was implemented, showing the basic idea of computational assistance during the documentation of IT incidents. Hereby, orchestration and information retrieval methods were applied for saving efforts for the employees involved and supporting adaptability of the resulting system. The resulting documentation will be assisting in IT security management, hence offering a valuable source for IT investigators by enriching the chain of evidence with information on relationships between assets and incidents. |
---|---|
ISBN: | 9781457701467 1457701464 |
DOI: | 10.1109/IMF.2011.18 |