Prioritizing Computer Forensics Using Triage Techniques

Gielen, M W (2014) Prioritizing Computer Forensics Using Triage Techniques.

Abstract: A single computer contains a lot of information, and a company can contain many computers and other devices. If there is a breach somewhere in the organization, how will a forensic analyst find the source and extent of the breach? Investigating every computer is not feasible: there are simply too many computers and too much information. One solution to this problem is forensic triage. This research combines a couple of forensic triage methods and uses these techniques to classify computers as either malicious or clean. The method was tested on two datasets: a generated set and a set containing computers from real companies. The first dataset was reduced by 50%, and the remaining computers were all infected. The second dataset was reduced by 79%, and the result included all of the malicious computers. Thus this method can be used successfully to reduce the workload of forensic analysts.
Item Type: Essay (Master)
Clients: Fox-It, Delft, Netherlands
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science MSc (60300)
Link to this item: http://purl.utwente.nl/essays/65671