Digital Forensic Indicators of Compromise Format (DFIOC) and Its Application
Lee, Min Wook; Yoon, Jong Seong; Lee, Sang Jin
Abstract
Computer security incidents such as confidential information leaks and data destruction are constantly growing and threaten the information held in digital devices. To respond to such incidents, digital forensic techniques are also developing to support digital incident investigation. With the development of digital forensic technology, a variety of forensic artifacts has been developed to trace the behavior of users, and a diversity of forensic tools has been developed to extract information from those artifacts. However, the information produced by forensic tools comes in each tool's own format. To solve this problem, the data must be processed when it is output from forensic tools, and the processed data must then be compared and analyzed to identify how the data are related to each other and to interpret the implications. This calls for an effective method of storing and outputting data in the course of data processing. This paper proposes DFIOC (Digital Forensic Indicators Of Compromise), a format capable of transcribing a variety of forensic artifact information effectively during incident analysis and response. DFIOC, an XML-based format, provides "Evidence" to represent various forensic artifacts in the incident investigation. Furthermore, it provides "Forensic Analysis" to report forensic analysis results and "Indicator" to investigate the traces of an incident quickly. By logging data into one sheet in DFIOC format for the forensic analysis process, unnecessary data processing can be avoided. Lastly, since collected information is recorded in a normalized format, data input and output become much easier, and the format is convenient for identifying collected information and analyzing data relationships.
Keywords
Incident Response; Digital Forensic; Forensic Artifacts Collecting Format; Indicator of Compromise (IOC)
Language
Korean
Cited by
1. A Method for Automatic Generation and Utilization of Forensic Indicators of Compromise Using Cuckoo Sandbox, 강봉구; 윤종성; 이민욱; 이상진; KIPS Transactions on Computer and Communication Systems, 2016, Vol.5, No.11, pp.419-426