System Monitoring for Digital Forensic Investigation

System monitoring provides a useful pre-emptive solution to the problem of gathering information about how a system behaves at run-time for post-hoc analysis by system administrators and forensic experts. However, existing techniques are insufficient to support post-hoc event reconstruction in large-scale systems. The authors propose a distributed trace-based system monitor that permits the correlation of actions within and between hosts in the monitored domain. Users specify a policy that defines which events are interesting or potentially unsafe but are nevertheless permitted for reasons of usability.

Provided by: Liverpool John Moores University
Topic: Security
Date Added: Jun 2011
Format: PDF