Title :
Intrusion Investigations with Data-Hiding for Computer Log-File Forensics
Author :
Fan, Ya-Ting ; Wang, Shiuh-Jeng
Author_Institution :
Dept. of Inf. Manage., Central Police Univ., Taoyuan, Taiwan
Abstract :
In most companies and organizations, logs play an important role in information security. However, common security mechanisms only back up logs; they cannot find traces of intruders, because a hacker who is able to breach the organization's security mechanisms will try to alter logs or destroy important intrusion evidence, making it impossible to preserve evidence using traditional log security strategies. Thus, logs are not considered as evidence to prove the damage. In that case, the digital evidence lacks completeness, which makes it difficult to perform computer forensics operations. In order to maintain the completeness and reliability of evidence for later forensic procedures and intrusion detection, the study applies concepts of steganography to log forensics, so that even records altered by an intrusion are kept as well. Compared to traditional security strategies, this study proposes a better logging mechanism to ensure the completeness of logs. Furthermore, the study will assist in intrusion detection through alteration behavior, and help in forensic operations.
Keywords :
computer forensics; data privacy; steganography; system monitoring; backup logs; computer forensics operation; computer log file forensics; data hiding; information security; intrusion investigation; logging mechanism; steganography; traditional log security strategy; Computer network management; Computer networks; Computer security; Data security; Forensics; Information security; Internet; Maintenance; Management training; Protection;
Conference_Title :
Future Information Technology (FutureTech), 2010 5th International Conference on
Conference_Location :
Busan
Print_ISBN :
978-1-4244-6948-2
DOI :
10.1109/FUTURETECH.2010.5482741