Digital Forensic Indicators of Compromise Format(DFIOC) and Its Application


KIPS Transactions on Computer and Communication Systems, Vol. 5, No. 4, pp. 95-102, Apr. 2016
10.3745/KTCCS.2016.5.4.95, Full Text:

Abstract

Computer security incident such as confidential information leak and data destruction are constantly growing and it becomes threat to information in digital devices. To respond against the incident, digital forensic techniques are also developing to help digital incident investigation. With the development of digital forensic technology, a variety of forensic artifact has been developed to trace the behavior of users. Also, a diversity of forensic tool has been developed to extract information from forensic artifact. However, there is a issue that information from forensic tools has its own forms. To solve this problem, it needs to process data when it is output from forensic tools. Then it needs to compare and analyze processed data to identify how data is related each other and interpret the implications. To reach this, it calls for effective method to store and output data in the course of data processing. This paper aims to propose DFIOC (Digital Forensic Indicators Of Compromise) that is capable of transcribing a variety of forensic artifact information effectively during incident analysis and response. DFIOC, which is XML based format, provides "Evidence" to represent various forensic artifacts in the incident "nvestigation. Furthermore, It provides "Forensic Analysis" to report forensic analysis result and also gives "Indicator" to investigate the trace of incidence quickly. By logging data into one sheet in DFIOC format for forensic analysis process, it is capable of avoiding unnecessary data processing. Lastly, since collected information is recorded in a normalized format, data input and output becomes much easier as well as it will be convenient to use for identification of collected information and analysis of data relationship.


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from September 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[IEEE Style]
L. M. Wook, Y. J. Seong and L. S. Jin, "Digital Forensic Indicators of Compromise Format(DFIOC) and Its Application," KIPS Transactions on Computer and Communication Systems, vol. 5, no. 4, pp. 95-102, 2016. DOI: 10.3745/KTCCS.2016.5.4.95.

[ACM Style]
Lee Min Wook, Yoon Jong Seong, and Lee Sang Jin. 2016. Digital Forensic Indicators of Compromise Format(DFIOC) and Its Application. KIPS Transactions on Computer and Communication Systems, 5, 4, (2016), 95-102. DOI: 10.3745/KTCCS.2016.5.4.95.