Improving the Trustworthiness of Evidence Derived from Security Trace Files

Authors: 

Ennio Pozzetti, Politecnico di Milano; Vidar Vetland, Carleton University

Abstract: 

Evidence is required to prosecute intruders in computer systems and networks. Reliable trace files are needed to obtain such evidence. Trace files normally contain vast amounts of data of which only small portions are useful as evidence. Use of temporary files during analysis of the data is dangerous because inconsistencies may be introduced in that way. Since one inconsistency is enough to reduce the trustworthiness of the evidence, it is of paramount importance to develop a consistent way to extract and analyze information from trace files. In this paper we suggest such a method accompanied by proper tool support. We conclude that the raw trace files should never be altered, not even for the purpose of making them readable. All extraction and purification should be the result of systematic application of data filters. The systematic use of filters should be repeatable so that anyone can apply the filters. Thus the filters document the process from raw traces to information used as evidence.
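The abstract's method (raw trace read-only, extraction only through named filters, the filter chain recorded so anyone can re-apply it and reach the same result) is illustrated below with an added example. This is code written for this page, not the tool described by Pozzetti and Vetland; the syslog-style log lines are constructed, and the filter names (`grep`, `grep_v`, `from_ip`) and the record layout are assumptions chosen for the demonstration.

```python
"""Added example: a non-destructive, repeatable filter pipeline over a raw
security trace. Illustrative code for this page, not the paper's own tool.
The sample trace is constructed; filter names and record fields are assumed."""
import hashlib
import json
import re
from typing import Callable, Dict, List

# Constructed syslog-style sample (not real data). Treated as read-only
# bytes: every filter reads it, nothing ever rewrites it.
RAW_TRACE = (
    b"Mar  3 02:14:07 gw sshd[812]: Failed password for root from 10.0.0.7 port 51234 ssh2\n"
    b"Mar  3 02:14:09 gw sshd[812]: Failed password for root from 10.0.0.7 port 51236 ssh2\n"
    b"Mar  3 02:14:11 gw sshd[815]: Accepted password for admin from 10.0.0.7 port 51240 ssh2\n"
    b"Mar  3 02:15:00 gw cron[900]: (root) CMD (run-parts /etc/cron.hourly)\n"
    b"Mar  3 02:15:30 gw sshd[820]: Failed password for invalid user test from 192.168.1.5 port 40000 ssh2\n"
)

Filter = Callable[[List[str]], List[str]]

# Filter registry (assumed names): a name plus one string argument fully
# determines a step, so a whole chain can be stored as data and re-applied.
FILTERS: Dict[str, Callable[[str], Filter]] = {
    "grep":    lambda pat: (lambda ls: [l for l in ls if re.search(pat, l)]),
    "grep_v":  lambda pat: (lambda ls: [l for l in ls if not re.search(pat, l)]),
    "from_ip": lambda ip:  (lambda ls: [l for l in ls
                                        if re.search(r"\bfrom " + re.escape(ip) + r"\b", l)]),
}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def decode_lines(raw: bytes) -> List[str]:
    # surrogateescape preserves undecodable bytes instead of "fixing" them
    return raw.decode("utf-8", "surrogateescape").splitlines()

def encode_lines(lines: List[str]) -> bytes:
    return ("\n".join(lines) + "\n").encode("utf-8", "surrogateescape") if lines else b""

def apply_chain(raw: bytes, chain: List[Dict[str, str]]) -> Dict:
    """Apply the filter chain to the raw bytes. Returns the surviving lines
    plus a provenance record: raw hash, the chain itself, per-step line
    counts and hashes. The record documents the path from raw trace to
    evidence; the raw bytes are never modified."""
    lines = decode_lines(raw)
    record = {"raw_sha256": sha256(raw), "raw_lines": len(lines),
              "chain": chain, "steps": []}
    for step in chain:
        lines = FILTERS[step["filter"]](step["arg"])(lines)
        record["steps"].append({"lines": len(lines),
                                "sha256": sha256(encode_lines(lines))})
    record["evidence"] = lines
    return record

def verify(raw: bytes, record: Dict) -> bool:
    """Repeatability check: anyone holding the raw trace and the record
    re-runs the recorded chain and must reproduce every intermediate hash."""
    if sha256(raw) != record["raw_sha256"]:
        return False  # raw trace altered, even if only "to make it readable"
    rerun = apply_chain(raw, record["chain"])
    return rerun["steps"] == record["steps"] and rerun["evidence"] == record["evidence"]

# Example chain: sshd events, minus successful logins, from one source host.
CHAIN = [
    {"filter": "grep",    "arg": r"sshd\["},
    {"filter": "grep_v",  "arg": "Accepted"},
    {"filter": "from_ip", "arg": "10.0.0.7"},
]

if __name__ == "__main__":
    rec = apply_chain(RAW_TRACE, CHAIN)
    print(json.dumps({k: v for k, v in rec.items() if k != "evidence"}, indent=2))
    print("\n".join(rec["evidence"]))
    # A whitespace-normalised copy is no longer the same evidence:
    cleaned = RAW_TRACE.replace(b"  ", b" ")
    print("verify(raw):", verify(RAW_TRACE, rec), "verify(cleaned):", verify(cleaned, rec))
```

The record, not a temporary file, is what gets handed to a reviewer: it carries the hash of the untouched raw trace and the chain as data, so the reviewer re-runs `apply_chain` on their own copy of the trace and `verify` fails on the first step where their hashes diverge from the original analyst's.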


BibTeX
@inproceedings {253572,
author = {Ennio Pozzetti and Vidar Vetland},
title = {Improving the Trustworthiness of Evidence Derived from Security Trace Files},
booktitle = {5th USENIX UNIX Security Symposium (USENIX Security 95)},
year = {1995},
address = {Salt Lake City, UT},
url = {https://www.usenix.org/conference/5th-usenix-unix-security-symposium/improving-trustworthiness-evidence-derived-security},
publisher = {USENIX Association},
month = jun,
}

Links

Paper: 
http://usenix.org/publications/library/proceedings/security95/full_papers/pozzetti.pdf