Network Forensics
Source: Queue archive, Volume 2, Issue 4 (June 2004), "Surviving Network Attacks"
Section: Feature, Q focus: Security
Pages: 50-56
Year of Publication: 2004
ISSN: 1542-7730
Author: Ben Laurie, A.L. Digital
Publisher: ACM, New York, NY, USA
DOI: http://doi.acm.org/10.1145/1016978.1016982

ABSTRACT

The dictionary defines forensics as "the use of science and technology to investigate and establish facts in criminal or civil courts of law." I am more interested, however, in the usage common in the computer world: using evidence remaining after an attack on a computer to determine how the attack was carried out and what the attacker did.

The standard approach to forensics is to see what can be retrieved after an attack has been made, but this leaves a lot to be desired. The first and most obvious problem is that successful attackers often go to great lengths to ensure that they cover their trails. The second is that unsuccessful attacks often go unnoticed, and even when they are noticed, little information is available to assist with diagnosis.
