System Monitoring for Digital Forensic Investigation

Executive Summary

System monitoring is a useful pre-emptive measure for gathering information about how a system behaves at run-time so that system administrators and forensic experts can analyse it after the fact. However, existing techniques are insufficient to support post-hoc event reconstruction in large-scale systems. The authors propose a distributed, trace-based system monitor that permits the correlation of actions within and between hosts in the monitored domain. Users specify a policy that defines which events are interesting or potentially unsafe, yet are nevertheless permitted for reasons of usability.

  • Format: PDF
  • Size: 331.49 KB