Digital Forensics (DF) is defined as the ensemble of methods, tools and techniques
used to collect, preserve and analyse digital data originating from any type of digital
media involved in an incident with the purpose of extracting valid evidence for a court
of law.
DF investigations are usually performed as a response to a digital crime and,
as such, they are termed Reactive Digital Forensic (RDF). An RDF investigation
takes the traditional (or post-mortem) approach of investigating digital crimes after
incidents have occurred. This involves identifying, preserving, collecting, analyzing,
and generating the final report.
Although RDF investigations are effective, they are faced with many challenges,
especially when dealing with anti-forensic incidents, volatile data and event reconstruction.
To tackle these challenges, Proactive Digital Forensic (PDF) is required.
By being proactive, DF is prepared for incidents. In fact, the PDF investigation has
the ability to proactively collect data, preserve it, detect suspicious events, analyze
evidence and report an incident as it occurs.
This dissertation focuses on the detection and analysis phase of the proactive
investigation system, as it is the most expensive phase of the system. In addition,
theories behind such systems will be discussed. Finally, implementation of the whole
proactive system will be tested on a botnet use case (Zeus). / Graduate / 0984 / 0537 / soltanalharbi@hotmail.com
Identifer | oai:union.ndltd.org:LACETR/oai:collectionscanada.gc.ca:BVIV.1828/5237 |
Date | 07 April 2014 |
Creators | Alharbi, Soltan Abed |
Contributors | Weber, Jens, Issa, Traore |
Source Sets | Library and Archives Canada ETDs Repository / Centre d'archives des thèses électroniques de Bibliothèque et Archives Canada |
Language | English, English |
Detected Language | English |
Type | Thesis |
Rights | Available to the World Wide Web, http://creativecommons.org/publicdomain/zero/1.0/ |
Page generated in 0.002 seconds