GRAPH-BASED POST INCIDENT INTERNAL AUDIT METHOD OF COMPUTER EQUIPMENT

Graph-based post incident internal audit method of computer equipment is proposed. The essence of the proposed solution consists in the establishing of relationships among hard disk damps (image), RAM and network. This method is intended for description of information security incident properties during the internal post incident audit of computer equipment. Hard disk damps receiving and formation process takes place at the first step. It is followed by separation of these damps into the set of components. The set of components includes a large set of attributes that forms the basis for the formation of the graph. Separated data is recorded into the non-relational database management system (NoSQL) that is adapted for graph storage, fast access and processing. Damps linking application method is applied at the final step. The presented method gives the possibility to human expert in information security or computer forensics for more precise, informative internal audit of computer equipment. The proposed method allows reducing the time spent on internal audit of computer equipment, increasing accuracy and informativeness of such audit. The method has a development potential and can be applied along with the other components in the tasks of users’ identification and computer forensics.

1. Derov E. Uchityvaya bystroe razvitie i rost populyarnosti tekhnologii Big Data, est' prichina zadumat'sya o tselesoobraznosti ikh primeneniya pri rassledovanii intsidentov IB. Available at: http://kabest.ru/press/news/754/index.php?print=Y (accessed 15.04.2016).
2. Carrier B. File System Forensic Analysis. Addison Wesley, 2005, 600 p.
3. Ligh M.H., Case A., Levy J., Walters A. The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory. Wiley, 2014, 912 p.
4. Davidoff S., Ham J. Network Forensics: Tracking Hackers through Cyberspace. Prentice Hall, 2012, 576 p.
5. Bessonova E.E., Zikratov I.A., Roskov V.Yu. Analysis of Internet user identification methods. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2012, no. 6(82), pp. 128–129.
6. Bessonova E.E., Zikratov I.A., Kolesnikov Yu.L., Roskov V.Yu. Internet user identification method. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2012, no. 3(79), pp. 133–137.
7. Limon G.G. Forensic physical memory analysis: an overview of tools and techniques. In: TKK T-110.5290 Seminar on Network Security. Helsinki, Finland, 2007, pp. 305–320.
8. Carrier B.D., Grand J. A hardware-based memory acquisition procedure for digital investigations. Digital Investigation, 2004, vol. 1, no. 1, pp. 50–60. doi: 10.1016/j.diin.2003.12.001.
9. Wang W. A graph oriented approach for network forensic analysis. Graduate Theses and Dissertations. Iowa State University, 2010, 122 p..
10. Jajodia S., Noel S., O’Berry B. Topological analysis of network attack vulnerability / In: Managing Cyber Threats: Issues, Approaches and Challenges. Springer-Verlag, 2005. P. 248-266.
11. Vicknair C., Nan X., Macias M., Chen Y., Zhao Z., Wilkins D. A comparison of a graph database and a relational database: a data provenance perspective. Proc. 48th Annual South-East Regional Conf., ACM SE'10. Oxford, USA, 2010, art. 42. doi: 10.1145/1900008.1900067
12. Tanenbaum A.S. Structured Computer Organization. 6th ed. Pearson, 2012, 800 p.
13. Yurin I.V., Pantyukhin I.S. Testing the hypothesis of creating a digital polygraph based on video and audio data. Vestnik Gosudarstvennogo Universiteta Morskogo i Rechnogo Flota imeni Admirala S.O. Makarova, 2015, no. 3(31), pp. 202–209.
14. Khoroshevskii V.G. Arkhitektura Vychislitel'nykh Sistem [Architecture of Computer Systems]. Moscow, MGTU im. Baumana Publ., 2005, 510 p.
15. Harary F. Graph Theory. Addison-Wesley, 1969.
16. Tutte W.T. Graph Theory as I Have Known It. Oxford University Press, 2001, 360 p.
17. Christofides N. Graph Theory: An Algorithmic Approach. NY, Acadimic, 1975.
18. Bondy J.A., Murty U.S.R. Graph Theory with Applications. NY-Amsterdam-Oxford, North - Holland, 1976, 268 p.
 

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License