Using a virtual security testbed for digital forensic reconstruction
Abstract
Keywords
References
Richmond, M.: ViSe: A virtual security testbed. Master’s thesis, University of California, Santa Barbara (2005)
National Institute of Standards and Technology: National Software Reference Library (NSRL) http://www.nsrl.nist.gov/index.html
Murilo, N., Steding-Jessen, K.: chkrootkit – locally checks for signs of a rootkit http://www.chkrootkit.org/
Harbour, N.: dcfldd – latest version 1.3.4 http://dcfldd.sourceforge.net/
Jacobson, V., Leres, C., McCanne, S.: tcpdump/libpcap http://www.tcpdump.org/
Betz, C.: Memparser – a memory forensics analysis tool for Microsoft Windows systems http://sourceforge.net/projects/memparser
Guidance Software, Inc.: EnCase www.encase.com (2006)
Spencer, E.: ILook Investigator toolsets www.ilook-forensics.org (2006)
Carrier, B.: The Sleuth Kit and Autopsy www.sleuthkit.org (2006)
AccessData: AccessData Forensic Toolkit (FTK) http://www.accessdata.com/products/ftk/
Filiol, E.: Strong cryptography armoured computer viruses forbidding code analysis: the Bradley virus. In: EICAR 2005 Annual Conference 14 (2005)
Carrier, B.D., Spafford, E.H.: Defining event reconstruction of digital crime scenes. J. Forensic Sci. 49 (2004)
Broucek, V., Turner, P.: Winning the battles, losing the war? Rethinking methodology for forensic computing research. J. Comput. Virol. 2(1), 3–12 (2006)
Chisum, W.J., Turvey, B.E.: Evidence dynamics: Locard’s exchange principle crime reconstruction. J. Behav. Profiling 1(1) (2000)
O’Connor, T.: Introduction to crime reconstruction. Lecture Notes for Criminal Investigation North Carolina Wesleyan College (2004)
Aitken, C., Taroni, F.: Statistics and the Evaluation of Evidence for Forensic Scientists. Wiley, London (2004)
Carney, M., Rogers, M.: The Trojan Made Me Do It: A first step in statistical based computer forensics event reconstruction. Int. J. Digit. Evid. 2 (2004)
Carrier, B.: An event-based digital forensic investigation framework. In: Digital forensic research workshop (2004)
Gladyshev, P., Patel, A.: Finite state machine approach to digital event reconstruction. Digit. Invest. 1 (2004)
Stallard, T.B.: Automated analysis for digital forensic science. Master’s thesis, University of California, Davis (2002)
Stallard, T., Levitt, K.N.: Automated analysis for digital forensic science: Semantic integrity checking. In: ACSAC 160–169 (2003)
Abbott, J., Bell, J., Clark, A., de Vel, O., Mohay, G.: Automated recognition of event scenarios for digital forensics. In: SAC ’06: Proceedings of the 2006 ACM Symposium on Applied Computing, pp. 293–300. ACM Press, New York (2006)
Elsaesser, C., Tanner, M.C.: Automated diagnosis for computer forensics. Technical report, The MITRE Corporation (2001)
Neuhaus, S., Zeller, A.: Isolating intrusions by automatic experiments. In: Proceedings of the 13th annual network and distributed system security symposium. pp. 71–80 (2006)
Baca, E.: Using Linux, VMware and SMART to create a virtual computer to recreate a suspect’s computer www.linux-forensics.com (2003)
Provos, N.: The honeyd virtual honeypot www.honeyd.org (2005)
Honeynet Project: Know your enemy: Learning with VMware – building virtual honeynets using VMware www.honeynet.org (2003)
Seifried, K.: Honeypotting with VMware www.seifried.org (2002)
Rossey, L., Cunningham, R., Fried, D., Rabek, J., Lippman, R., Haines, J., Zissman, M.: LARIAT: Lincoln Adaptable Real-time Information Assurance Testbed. In: 2002 IEEE Aerospace Conference Proceedings (2002)
Haines, J., Goulet, S., Durst, R., Champion, T.: LLSIM: Network simulation for correlation and response testing. In: IEEE Workshop on Information Assurance, West Point (2003)
White, B., Lepreau, J., Stoller, L., Ricci, R., Guruprasad, S., Newbold, M., Hibler, M., Barb, C., Joglekar, A.: An integrated experimental environment for distributed systems and networks. In: 5th Symposium on Operating Systems Design and Implementation, pp. 255–260. USENIX Association, Boston (2002)
The DETER project: The DETER Testbed: Overview www.isi.edu/deter (2004)
Jiang, X., Xu, D., Wang, H., Spafford, E.: Virtual playgrounds for worm behavior investigation. In: 8th International symposium on recent advances in intrusion detection, Seattle (2005)
Dike, J.: User Mode Linux user-mode-linux.sourceforge.net (2005)
Årnes, A., Haas, P., Vigna, G., Kemmerer, R.A.: Digital forensic reconstruction and the virtual security testbed ViSe. In: Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), LNCS 4064. Springer, Berlin Heidelberg New York (2006)
Vada, H.: Rekonstruksjon av angrep mot IKT-systemer (Reconstruction of attacks on ICT systems). Master’s thesis, Norwegian University of Science and Technology, Trondheim, Norway (2004)
VMware: VMware 5.0 manual www.vmware.com (2005)
University of Cambridge Computer Laboratory: The Xen virtual machine monitor http://www.cl.cam.ac.uk/ (2005)
Microsoft: Microsoft Virtual PC www.microsoft.com (2004)
The Open Web Application Security Project: The ten most critical web application security vulnerabilities. Technical report, OWASP (2004)
Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD. Cryptology ePrint Archive, Report 2004/199 (2004)
Honeynet Project: Detecting VMware www.honeynet.org (2005)
Shelton, T.: VMware flaw in NAT function lets remote users execute arbitrary code securitytracker.com (2005)
Cuff, A.: Talisker Anti-Forensic Tools www.networkintrusion.co.uk (2004)
Leyden, J.: Trojan defence clears man on child porn charges http://www.theregister.co.uk/2003/04/24/trojan_defence_clears_man/ (2003)
Rasch, M.: The giant wooden horse did it! http://www.securityfocus.com/columnists/208 (2004)
CERT: CERT Advisory CA-2003-20 W32/Blaster worm http://www.cert.org/advisories/CA-2003-20.html (2003)
[email protected]: phpBB viewtopic.php remote code execution vulnerability. Bugtraq ID 14086 (2005)
aXiS: iwconfig local ARGV command line buffer overflow vulnerability. Bugtraq ID 8901 (2003)
Vozeler, M.: cdrtools RSH environment variable privilege escalation vulnerability. Bugtraq ID 11075 (2004)