• Corpus ID: 17701843

A Common Process Model for Incident Response and Computer Forensics

@inproceedings{Freiling2007ACP,
  title={A Common Process Model for Incident Response and Computer Forensics},
  author={Felix C. Freiling and Bastian Schwittay},
  booktitle={International Conference on IT-Incidents Management \& IT-Forensics},
  year={2007}
}
Incident Response and Computer Forensics are two areas with similar goals but distinct process models. While in both cases the goal is to investigate computer security incidents and contain their effects, Incident Response focusses more on restoration of normal service and Computer Forensics on the provision of evidence that can be used in a court of law. In this paper we present a common model for both Incident Response and Computer Forensics processes which combines their advantages in a… 

Applying a Digital forensic readiness framework: Three case studies

Forensic investigation frameworks are classified to expose gaps in proactive forensics research and the applicability of a proactive forensic plan into each incident is discussed and put into context.

“Chain of Digital Evidence” Based Model of Digital Forensic Investigation Process

The aim of this paper is to compare different existing models and framework developed in recent years and propose a new framework based on “chain of digital evidence”, modeled using a UML – Use Case and Activity diagrams.

A digital forensic readiness components for operational unit

This research aims to identify from existing studies, the concept of digital forensic readiness and how they apply to operational unit, and propose appropriate components of digital forensics readiness for operational unit.

Common investigation process model for database forensic investigation discipline

Results of this study showed that with the determining of the frequently shared process, it could be easier for the new users to recognize the processes and also to serve as the basic fundamental concept for the improvement of a new set of processes.

Adapting Traceability in Digital Forensic Investigation Process

The adaptability of the traceability model is introduced to illustrate the relationship in the digital forensic investigation process by integrating the traceable features and shows the link between the evidence, the entities and the sources involved in the process.

Traceability in digital forensic investigation process

A trace map model is introduced to illustrate the relationship in the digital forensic investigation process by adapting and integrating the traceability features and shows the link between the evidence, the entities and the sources involved in the process, particularly in the collection phase of digital forensic investigation framework.

A NEW APPROACH FOR RESOLVING CYBER CRIME IN NETWORK FORENSICS BASED ON GENERIC PROCESS MODEL

The proposed approach aims to use cyber crime evidence to help investigators to resolve cyber crime efficiently and is based on the generic and modern process model for network forensics.

From the Computer Incident Taxonomy to a Computer Forensic Examination Taxonomy

This paper proposes the establishment of a common language for the description of computer forensic examinations, both in malicious and non-malicious incidents, and helps in performing a forensic examination by establishing answers to a set of well-defined questions during such an examination.

A Method for Reducing the Risk of Errors in Digital Forensic Investigations

This auditing methodology is not designed to replace a digital forensic practitioner but to aid their investigation process, acting as a method for reducing the risks of missed or misinterpreted evidence.
...

References

Incident Response & Computer Forensics, 2nd Ed.

Written by FBI insiders, this updated best-seller offers a look at the legal, procedural, and technical steps of incident response and computer forensics. Including new chapters on forensic analysis

Computer Security Incident Handling Guide

This guideline should not be held as binding to law enforcement personnel relative to the investigation of criminal activity, and should be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other Federal official.

File System Forensic Analysis

Whether you're a digital forensics specialist, incident response team member, law enforcement officer, corporate security specialist, or auditor, this book will become an indispensable resource for forensic investigations, no matter what analysis tools you use.

Towards automating analysis in computer forensics

  • Master’s thesis, RWTH Aachen University, Department of Computer Science,
  • 2006

Computer Security Incident Handling Guide

Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition

The opinions or points of view expressed in this document represent a consensus of the authors and do not necessarily represent the official position or policies of the U.S. Department of Justice.

The Risk Equation

UK Association of Chief Police Officers. Good Practice Guide for Computer based Electronic Evidence. National Hi-Tech Crime Unit

  • 2003