DOI: 10.1145/1940941.1940975
Research article, InfoSecCD Conference Proceedings

A forensic approach to incident response

Published: 01 October 2010

Abstract

An incident response plan is critical for the detection and removal of information security threats. Incident response involves many aspects beyond technical issues: there are management, legal, and social issues that an incident response team needs to consider. An incident response identifies, contains, and eliminates the incident; then the compromised system is fully recovered and restored. To hold the intruder accountable, a forensic investigation is needed. Documentation of all activities and evidence gathering is crucial during the entire response and investigation. The paper proposes and discusses interconnected methodological frameworks for both incident response and network forensics.



Published In

InfoSecCD '10: 2010 Information Security Curriculum Development Conference
October 2010
187 pages
ISBN: 9781450302029
DOI: 10.1145/1940941

Sponsors

  • KSU - CISE: KSU Center for InfoSec Education
  • ISSA: The Metro Atlanta Information Systems Security Association

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. evidence
  2. incident response
  3. network forensics
  4. network traces

Acceptance Rates

Overall Acceptance Rate 18 of 23 submissions, 78%

Cited By

  • Swarm-intelligence for the modern ICT ecosystems. International Journal of Information Security 23:4 (2951-2975), 1 Aug 2024. DOI: 10.1007/s10207-024-00869-1
  • Agile incident response (AIR). International Journal of Information Management 62:C, 3 Jan 2022. DOI: 10.1016/j.ijinfomgt.2021.102435
  • Process Model of Digital Forensics Readiness Scheme (DFRS) as a Recommendation of Digital Evidence Preservation. 2015 Fourth International Conference on Cyber Security, Cyber Warfare, and Digital Forensic (CyberSec) (117-122), Oct 2015. DOI: 10.1109/CyberSec.2015.31
  • Technologies' Application, Rules, and Challenges of Information Security on Information and Communication Technologies. Proceedings of the 2015 Asia-Pacific Conference on Computer Aided System Engineering (380-386), 14 Jul 2015. DOI: 10.1109/APCASE.2015.74
  • The architecture of a digital forensic readiness management system. Computers and Security 32:C (73-89), 1 Feb 2013. DOI: 10.5555/2748150.2748582
  • Semantic Representation and Integration of Digital Evidence. Procedia Computer Science 22 (1266-1275), 2013. DOI: 10.1016/j.procs.2013.09.214
  • A conceptual model for digital forensic readiness. 2012 Information Security for South Africa (1-8), Aug 2012. DOI: 10.1109/ISSA.2012.6320452
