"Performing an APT Investigation: Using People-Process-Technology-Strategy Model in Digital Triage Forensics"

Submitted by abfox on Tue, 02/14/2017 - 1:25pm

Title	"Performing an APT Investigation: Using People-Process-Technology-Strategy Model in Digital Triage Forensics"
Publication Type	Conference Paper
Year of Publication	2015
Authors	D. Y. Kao
Conference Name	2015 IEEE 39th Annual Computer Software and Applications Conference
Date Published	July
Publisher	IEEE
ISBN Number	978-1-4673-6564-2
Accession Number	15476108
Keywords	advanced persistent threat, APT, auditing logs, Computer crime, Computers, cyber security incident, cyberattacks, cybercrime investigation, cyberspace battle, digital data, digital evidence, digital forensic practitioner, digital forensics, digital triage forensics, evidence dynamics identification, golden triangle components, Nonvolatile memory, people-process-technology-strategy model, Plugs, PPTS model, pubcrawl170101, Random access memory
Abstract	Taiwan has become the frontline in an emerging cyberspace battle. Cyberattacks from different countries are constantly reported during past decades. The incident of Advanced Persistent Threat (APT) is analyzed from the golden triangle components (people, process and technology) to ensure the application of digital forensics. This study presents a novel People-Process-Technology-Strategy (PPTS) model by implementing a triage investigative step to identify evidence dynamics in digital data and essential information in auditing logs. The result of this study is expected to improve APT investigation. The investigation scenario of this proposed methodology is illustrated by applying to some APT incidents in Taiwan.
URL	http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7273322&isnumber=7273299
DOI	10.1109/COMPSAC.2015.10
Citation Key	7273322

Groups:

Science of Security VO