Journal of Digital Forensics, Security and Law (Dec 2012)

Forensic Evidence Identification and Modeling for Attacks against a Simulated Online Business Information System

  • Manghui Tu

Journal volume & issue
Vol. 7, no. 4
pp. 73 – 98

Abstract

Read online

Forensic readiness can support future forensics investigation or auditing on external/internal attacks, internal sabotage and espionage, and business frauds. To establish forensics readiness, it is essential for an organization to identify what evidences are relevant and where they can be found, to determine whether they are logged in a forensic sound way and whether all the needed evidences are available to reconstruct the events successfully. Â Our goal of this research is to ensure evidence availability. First, both external and internal attacks are molded as augmented attack trees/graphs based on the system vulnerabilities. Second, modeled attacks are conducted against a honeynet simulating an online business information system, and each honeypot's hard drive is forensic sound imaged for each individual attack. Third, an evidence tree/graph will be built after forensics examination on the disk images for each attack. The evidence trees/graphs are expected to be used for automatic crime scene reconstruction and automatic attack/fraud detection in the future.