Systematic and Practical Methods for Computer Forensics and Attack Analysis

Sean Peisert

Who attacked this computer system? What actions did they take? What damage did they do? With what degree of certainty, and under what assumptions, do we make these assertions? These questions are asked during the computer attack analysis process, but they are often hard to answer in practice. Computer scientists and security practitioners have made headway on developing functional systems for attack analysis. Some of those systems are based on theoretical models that help to construct complete solutions, but there are serious and important gaps in these systems. The result is an incomplete picture of the attack, or an incorrect analysis of what happened.

The goals of this project are to understand and improve methods used in forensic logging and computer attack analysis. To do this, we plan to extend the Laocoön model of forensics, and modify a system to enable us to implement the model. We will evaluate methods and assumptions used in attack analysis. In particular, we intend to apply these techniques to forensic technology used in the legal system, and to the insider problem.