doi: 10.17586/2226-1494-2017-17-3-467-474


POST-INCIDENT INTERNAL AUDIT PROCEDURE OF COMPUTER DEVICES

I. S. Pantiukhin, I. A. Zikratov


Article in Russian

For citation: Pantiukhin I.S., Zikratov I.A. Post-incident internal audit procedure of computer devices. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2017, vol. 17, no. 3, pp. 467–474 (in Russian). doi: 10.17586/2226-1494-2017-17-3-467-474

Abstract

The paper presents a post-incident internal audit procedure for computer equipment. It makes it possible to study computer incidents on various computer devices (including several at once) under conditions of a constantly growing number of computer incidents and growing volumes of stored and processed information. Information about computer incidents is obtained by analyzing data in volatile and non-volatile memory and in network traffic. The problem is solved by analyzing the attributes, and their values, obtained from the post-incident computer equipment and resources. A technique for complex internal data audit is presented. This approach (analysis of attributes and their values) reduces time costs. The technique includes data processing, description of the interrelationships, and the use of intelligent methods and algorithms. Descriptions of these elements, their notation and their functional purposes are given. The computational complexity of the proposed technique is calculated. The technique can be used to examine computer incidents; it reduces the time spent on examination and improves the accuracy and information content of the post-incident internal audit of computer equipment. The proposed solutions can be used to develop proactive protection systems against computer incidents.


Keywords: technique, post-incident internal audit, computer incident, computer forensics, information security, computer devices




This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License
Copyright 2001-2021 © Scientific and Technical Journal of Information Technologies, Mechanics and Optics. All rights reserved.
