DocumentCode :
2817120
Title :
Towards proactive computer-system forensics
Author :
Bradford, Phillip G. ; Brown, Marcus ; Perdue, Josh ; Self, Bonnie
Author_Institution :
Dept. of Comput. Sci., Alabama Univ., Tuscaloosa, AL, USA
Volume :
2
fYear :
2004
fDate :
5-7 April 2004
Firstpage :
648
Abstract :
We examine principles and approaches for proactive computer-system forensics. Proactive computer-system forensics is the design, construction and configuring of systems to make them most amenable to digital forensics analyses in the future. The primary goals of proactive computer-system forensics are system structuring and augmentation for automated data discovery, lead formation, and efficient data preservation. We propose: (1) using the Neyman-Pearson Lemma to proactively build online forensics tests with the best possible critical regions for hypothesis testing, and (2) using classical stopping rules for sequential hypothesis testing to determine which users are deviating from standard usage behavior and should be the focus of more investigative resources. Here the focus is on security breaches by the employees or stakeholders of an organization. The main measurements are event-driven logs of program executions.
Keywords :
business communication; computer crime; data mining; personnel; statistical analysis; Neyman-Pearson Lemma; augmentation; automated data discovery; classical stopping rules; data preservation; event-driven log; lead formation; online forensics test; proactive computer-system forensics; program execution; security breaches; sequential hypothesis testing; system structuring; Computer crime; Computer science; Computer security; Data mining; Data security; Digital forensics; Intrusion detection; Personnel; Programming profession; Sequential analysis;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004. International Conference on
Print_ISBN :
0-7695-2108-8
Type :
conf
DOI :
10.1109/ITCC.2004.1286727
Filename :
1286727