McGrath, Niall (2005) A Computer Forensic Methodology. Masters thesis, Dublin, National College of Ireland.
PDF (Master of Science)
Cybercrime is the name given to a recent phenomenon that covers computer fraud, theft of intellectual property or confidential data, harassment, defacement of a website, illegal use or abuse of a network or the perpetration of any crime with the use of a computer. At present the Cybercriminal is fully equipped to operate with relative impunity.
SYSTEM5 is proposed as an integrated methodology to address the problem of Cybercrime. It consists of five phases: (i) pre-incident, (ii) incident/formulation of a response strategy, (iii) incident/computer forensics process, (iv) post-incident and (v) legal phase.
It profiles the Cybercriminal's motivations and techniques of attack; it models the computer attack, determines the attacker's objectives during each phase and enables the formulation of a response strategy. The response strategy encompasses evidence retrieval and analysis, which are carried out within legal constraints and requirements.
A prototype Expert System in Prolog was implemented. The approach was evaluated by an independent group of experts who concluded that SYSTEM5 contributes significantly to the domain of computer forensics. They also concluded that the methodology is capable of deployment in a variety of legal jurisdictions.
The research identifies potential avenues for expansion through the addition of new attack vectors and the refinement of the Expert System.
Keywords: Computer Forensics, Attack Model, Adversary Model, Vulnerability, Worm, Virus, Computer Incident Response, Artificial Intelligence (AI), Expert System (Shell), Inference Engine, Prolog, Unified Modelling Language (UML), Chain of Custody, Search and Seizure, Evidence Retrieval, Forensic Duplication, Bit Level Image, Expert Witness Testimony, Local Area Network (LAN), Transmission Control Protocol/Internet Protocol (TCP/IP), Intrusion Detection System (IDS).