Title :
Preparing for the Next Wikileaks: Making Forensics Techniques Work
Author :
Erbacher, Robert F.
Author_Institution :
Northwest Security Inst., Redmond, WA, USA
Abstract :
The success of Manning in acquiring and releasing US State Department cables provides strong implications for the likelihood of similar insider threat attacks occurring again in the future. Such future attacks will likely employ more sophisticated methodologies. The first goal of this paper is to begin examining what such sophisticated insider threat attacks might include. Traditionally, organizations have avoided employing insider threat detection mechanisms due to the high rate of false positives and false negatives. This is a consequence of the chaotic nature and sheer volume of data needing analysis. A second goal of this paper is to begin proposing mechanisms by which insider threat detection can be made feasible, especially in critical domains. More specifically, this paper proposes multiple layers of event detection which, when correlated over time, will provide identification of significant irregularities requiring investigation.
Keywords :
computer forensics; data analysis; Manning; US State Department cable; Wikileaks; data analysis; event detection; false negative rate; false positive rate; forensics technique; insider threat attack; insider threat detection mechanism; irregularity identification; Correlation; Data visualization; Drives; Forensics; Government; Intrusion detection; Computer Crime; Forensics; Insider Threat; Intrusion Detection; Law Enforcement;
Conference_Title :
Systematic Approaches to Digital Forensic Engineering (SADFE), 2011 IEEE Sixth International Workshop on
Conference_Location :
Oakland, CA
Print_ISBN :
978-1-4673-1242-4
DOI :
10.1109/SADFE.2011.14