Computational Documentation of IT Incidents as Support for Forensic Operations
This paper describes the development and prototypic implementation of a documentation system for IT incidents. A survey was conducted in order to obtain information on the current needs and likes of stakeholders involved in IT security. The outcome of this survey was used to create a documentation a...
Saved in:
| Published in: | 2011 Sixth International Conference on IT Security Incident Management and IT Forensics pp. 37 - 47 |
|---|---|
| Main Authors: | , |
| Format: | Conference Proceeding |
| Language: | English |
| Published: |
IEEE
01-05-2011
|
| Subjects: | |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Abstract | This paper describes the development and prototypic implementation of a documentation system for IT incidents. A survey was conducted in order to obtain information on the current needs and likes of stakeholders involved in IT security. The outcome of this survey was used to create a documentation approach, based on best practices, which is able to create contexts between information assets over long periods of times. Additionally, a prototype of this approach was implemented, showing the basic idea of computational assistance during the documentation of IT incidents. Hereby, orchestration and information retrieval methods were applied for saving efforts for the employees involved and supporting adaptability of the resulting system. The resulting documentation will be assisting in IT security management, hence offering a valuable source for IT investigators by enriching the chain of evidence with information on relationships between assets and incidents. |
|---|---|
| AbstractList | This paper describes the development and prototypic implementation of a documentation system for IT incidents. A survey was conducted in order to obtain information on the current needs and likes of stakeholders involved in IT security. The outcome of this survey was used to create a documentation approach, based on best practices, which is able to create contexts between information assets over long periods of times. Additionally, a prototype of this approach was implemented, showing the basic idea of computational assistance during the documentation of IT incidents. Hereby, orchestration and information retrieval methods were applied for saving efforts for the employees involved and supporting adaptability of the resulting system. The resulting documentation will be assisting in IT security management, hence offering a valuable source for IT investigators by enriching the chain of evidence with information on relationships between assets and incidents. |
| Author | Kurowski, S. Frings, S. |
| Author_xml | – sequence: 1 givenname: S. surname: Kurowski fullname: Kurowski, S. email: sebastian.kurowski@iao.fraunhofer.de organization: Inf. Manage., Fraunhofer IAO, Stuttgart, Germany – sequence: 2 givenname: S. surname: Frings fullname: Frings, S. email: sandra.frings@iao.fraunhofer.de organization: Inf. Manage., Fraunhofer IAO, Stuttgart, Germany |
| BookMark | eNotjE1PhDAYhJvoJrorJ49e-gfAvpR-HQ26SrK6B7lvWnibYBZKKBz896Lrc5nMTGa25HoIAxJyDywDYOaxet9nOQPIQF-RxCgNhVCKQSHVhmx_G5NzLeCGJDF-sRUpjVbilnyUoR-X2c5dGOyZPodm6XG4eBo8rWpaDU3XrlmkNtLPZRzDNFMfJroPEw6xa-hxxOlvEe_IxttzxORfd6Tev9TlW3o4vlbl0yHtDJtTbRVw2TqGvhHonBTCtqitBmgYy2VrmVKOe9d6VK5hwskCUQsjVasBPd-Rh8tth4incep6O32fhOGwwn8AT8lRCQ |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/IMF.2011.18 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: http://ieeexplore.ieee.org/Xplore/DynWel.jsp sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EndPage | 47 |
| ExternalDocumentID | 5931111 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IF 6IK 6IL 6IN AAJGR ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK IEGSK IERZE OCL RIE RIL |
| ID | FETCH-LOGICAL-i90t-8a7136db0efc5ebb655ade8a811c0026da077b3fbdfe7bc05b64ee85967d81ef3 |
| IEDL.DBID | RIE |
| ISBN | 9781457701467 1457701464 |
| IngestDate | Wed Jun 26 19:20:09 EDT 2024 |
| IsPeerReviewed | false |
| IsScholarly | false |
| LCCN | 2011923851 |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i90t-8a7136db0efc5ebb655ade8a811c0026da077b3fbdfe7bc05b64ee85967d81ef3 |
| PageCount | 11 |
| ParticipantIDs | ieee_primary_5931111 |
| PublicationCentury | 2000 |
| PublicationDate | 2011-May |
| PublicationDateYYYYMMDD | 2011-05-01 |
| PublicationDate_xml | – month: 05 year: 2011 text: 2011-May |
| PublicationDecade | 2010 |
| PublicationTitle | 2011 Sixth International Conference on IT Security Incident Management and IT Forensics |
| PublicationTitleAbbrev | imf |
| PublicationYear | 2011 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0000669875 |
| Score | 1.5270193 |
| Snippet | This paper describes the development and prototypic implementation of a documentation system for IT incidents. A survey was conducted in order to obtain... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 37 |
| SubjectTerms | Companies Context digital continuity distributed systems Documentation Documentation process forensic readiness Forensics information retrieval Information security IT incident management knowledge management security management |
| Title | Computational Documentation of IT Incidents as Support for Forensic Operations |
| URI | https://ieeexplore.ieee.org/document/5931111 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://sdu.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV09T8MwED1RJiZALeJbHhgxTZTY58y0FR0oSHRgq_xxlljSirT_H18SCgMLm20pUuSP3N2L33sAd6a0LH9LMiAGWTqlpKuClmgKo7xxHCQYunjDxbuZTFkm537PhSGi9vIZPXCz_Zcf1n7HUNlYVQWf8AEMsDIdV2uPp6TQmcpn1XK3FCJropTfkk59H3t-Xp5V4_nzrNPvZLePX74qbViZHf_vhU5g9MPPE6_7yHMKB1QPYdEZNPTgnpj0T7d9sY5ivhTpY8AeottG2Eawn2fKvUXKWgUbdNZpvcTLhrot0YxgOZsuH59k75YgP6psK41N5aYOLqPoFTmnlbKBjDV57rnQCjZDdEV0IRI6nymnSyKjKo3B5BSLMzis1zWdg0g1FaW0EBVhXrrobOGDzl1KfLyOvqQLGPJUrDadHsaqn4XLv4ev4KjDYfmS4DUcbj93dAODJuxu2xX8AmRBmfc |
| link.rule.ids | 310,311,782,786,791,792,798,27934,54767 |
| linkProvider | IEEE |
| linkToHtml | http://sdu.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV09T8MwELVoGWAC1CK-8cBIaKLEPmemrVrRFiQysFX-OEssaUXa_19fEgoDC5ttKVLkj9zdi997jD2oTJP8LUYOwEWZESIyuZMRqFQJqwwFCYIu3mHxoYYjksl53HNhELG-fIZP1Kz_5buV3RJUNhB5Sie8ww5FBhIattYeUQnBMxTQomZvCQBSRcm-RZ3aPrQMvSTOB9P5uFHwJL-PX84qdWAZn_zvlU5Z_4ehx9_2seeMHWDZY4vGoqGF9_iwfbru85Xn04KHzwG5iG4qritOjp4h--Yhb-Vk0VmGFeOva2w2RdVnxXhUPE-i1i8h-szjTaR0KDilMzF6K9AYKYR2qLRKEkulltMxgEm9cR7B2FgYmSEqkUtwKkGfnrNuuSrxgvFQVWFIDEEgJJnxRqfWycSE1MdKbzO8ZD2aiuW6UcRYtrNw9ffwPTuaFPPZcjZdvFyz4waVpSuDN6y7-driLetUbntXr-YOskOdSA |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2011+Sixth+International+Conference+on+IT+Security+Incident+Management+and+IT+Forensics&rft.atitle=Computational+Documentation+of+IT+Incidents+as+Support+for+Forensic+Operations&rft.au=Kurowski%2C+S.&rft.au=Frings%2C+S.&rft.date=2011-05-01&rft.pub=IEEE&rft.isbn=9781457701467&rft.spage=37&rft.epage=47&rft_id=info:doi/10.1109%2FIMF.2011.18&rft.externalDocID=5931111 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=9781457701467/lc.gif&client=summon&freeimage=true |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=9781457701467/mc.gif&client=summon&freeimage=true |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=9781457701467/sc.gif&client=summon&freeimage=true |