Real-Time Forensics Through Endpoint Visibility

Over the last years, an established forensic process has been in place that every investigator and researcher knows. This traditional process is regarded as producing evidence that is valid in court and, more importantly, it specifies at a very precise level how to acquire a suspect's machine and handle the data on it. However, when new technologies come into play, certain constraints appear: given an incident in a network containing thousands of machines, such as a global corporate network, there is no such thing as shutting down and sending in an investigation team. Moreover, the question arises: is this an isolated incident, or are other clients affected as well?
