Fraunhofer-Gesellschaft

Publica

Here you will find scientific publications from the Fraunhofer Institutes.

Computational documentation of IT incidents as support for forensic operations

 
Kurowski, S.; Frings, S.

Morgenstern, Holger (Ed.); Ehlert, Ralf (Ed.); Frings, Sandra (Ed.); Goebel, Oliver (Ed.); Guenther, Detlef (Ed.); Kiltz, Stefan (Ed.); Nedon, Jens (Ed.); Schadt, Dirk (Ed.); Institute of Electrical and Electronics Engineers -IEEE-; Gesellschaft für Informatik -GI-, Bonn:
6th International Conference on IT Security Incident Management and IT Forensics, IMF 2011 : 10 - 12 May 2011, Stuttgart, Germany; proceedings
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2011
ISBN: 978-0-7695-4403-8
ISBN: 978-1-4577-0146-7
pp. 37-47
International Conference on IT Security Incident Management and IT Forensics (IMF) <6, 2011, Stuttgart>
English
Conference paper
Fraunhofer IAO

Abstract
This paper describes the development and prototypical implementation of a documentation system for IT incidents. A survey was conducted in order to obtain information on the current needs and likes of stakeholders involved in IT security. The outcome of this survey was used to create a documentation approach, based on best practices, which is able to create contexts between information assets over long periods of time. Additionally, a prototype of this approach was implemented, showing the basic idea of computational assistance during the documentation of IT incidents. Here, orchestration and information retrieval methods were applied to save effort for the employees involved and to support the adaptability of the resulting system. The resulting documentation will assist in IT security management, hence offering a valuable source for IT investigators by enriching the chain of evidence with information on relationships between assets and incidents.

http://publica.fraunhofer.de/dokumente/N-189596.html