Incident Response

2007 ◽  
pp. 89-109 ◽  
Author(s):  
Anthony Reyes ◽  
Kevin O'Shea ◽  
Jim Steele ◽  
Jon R. Hansen ◽  
Benjamin R. Jean ◽  
...  
Drones ◽  
2021 ◽  
Vol 5 (2) ◽  
pp. 42
Author(s):  
Fahad E. Salamh ◽  
Umit Karabiyik ◽  
Marcus K. Rogers ◽  
Eric T. Matson

The accessibility of Unmanned Aerial Vehicles (UAVs), colloquially known as drones, is rapidly increasing. Recent studies have discussed the challenges that come with the growing use of this technology and note that in-depth examination is required, especially for challenges involving the high volume of software data exchanged between sensors, actuators, and control commands. This work underlines static and live digital evidence traceability challenges in order to enhance the UAV incident response plan. To study live UAV forensic traceability issues, we apply a 'purple-teaming' exercise to small UAVs while conducting a UAV forensic examination, to determine the technical challenges related to data integrity and repeatability. In addition, this research highlights current static technical challenges that could make it harder to justify the discovered digital evidence. It also discusses potential drone anti-forensic techniques and their association with the type of use, environment, attack vector, and level of expertise. To this end, we propose the UAV Kill Chain and categorize the impact and complexity of all highlighted challenges based on the conducted examination and the scientific contribution presented in this work. To the best of our knowledge, no prior contribution has incorporated 'purple-teaming' tactics to evaluate UAV-related research in cybersecurity and digital forensics. This work also proposes a categorization model that classifies the discovered UAV static and live digital evidence challenges by their complexity and impact levels.


2014 ◽  
Vol 07 (06) ◽  
pp. 1450035
Author(s):  
Lihui Yin ◽  
Xuebo Zhang ◽  
Xiaodong Li ◽  
Shaohong Jin

Near-infrared (NIR) spectra were measured for samples of preparations contaminated by diethylene glycol (DEG), for DEG raw materials, and for laboratory-prepared solutions. Identification models were then developed from the collected spectra together with the spectra of distilled water, propylene glycol, and preparations without DEG. A quantification model was also established for determining the concentration of DEG in the preparations. Validation results show that the identification and quantification models have ideal prediction performance. The emergency NIR models are rapid, easy to use, and accurate, and can be implemented for identifying DEG raw material, screening preparations on the market for DEG contamination, and analysing DEG concentrations.


Author(s):  
Kevin Mepham ◽  
Panos Louvieris ◽  
Gheorghita Ghinea ◽  
Natalie Clewley
2019 ◽  
Vol 11 (7) ◽  
pp. 162 ◽  
Author(s):  
Nikolaos Serketzis ◽  
Vasilios Katos ◽  
Christos Ilioudis ◽  
Dimitrios Baltatzis ◽  
Georgios Pangalos

The growing complexity of information technology and the proliferation of heterogeneous security devices that produce ever larger volumes of data, coupled with a constantly changing threat landscape, have an adverse impact on the efficiency of information security controls, digital forensics, and incident response. Cyber Threat Intelligence (CTI) and forensic preparedness are two components of the so-called managed security services that defenders can employ to repel, mitigate, or investigate security incidents. Despite their individual success, no known effort has combined the two to enhance Digital Forensic Readiness (DFR) and thereby reduce the time and cost of incident response and investigation. This paper builds upon and extends a DFR model that utilises actionable CTI to improve DFR maturity levels. The effectiveness and applicability of the model are evaluated through a series of experiments using malware-related network data that simulate real-world attack scenarios. In these experiments the model identifies the root causes of information security incidents with high accuracy (90.73%), precision (96.17%) and recall (93.61%), while significantly reducing the volume of data that digital forensic investigators need to examine. The contribution of this paper is twofold. First, it shows that CTI can be employed within digital forensics processes. Second, it demonstrates and evaluates an efficient mechanism that enhances operational DFR.
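To make the mechanism concrete, here is an added example (not code from Serketzis et al. or their DFR model) of CTI-driven triage applied to network flow records: flows that touch an actionable indicator (an IP address, a CIDR range, or a domain and its subdomains) are pulled into the reduced evidence set an investigator examines, and the triage is scored with the same accuracy, precision and recall metrics the abstract reports. The indicators, flow records, ground-truth labels and context strings are all constructed for this example and use RFC 5737 documentation addresses; the resulting figures are not the paper's.

```python
"""Added example: CTI-driven triage of network flow records for forensic readiness.

Not the authors' code. Indicators, flows and labels below are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Indicator:
    """One actionable CTI item. kind is 'ip', 'cidr' or 'domain'."""
    kind: str
    value: str
    context: str  # hypothetical analyst context carried into the case file


@dataclass(frozen=True)
class Flow:
    """A single connection record (constructed, not captured traffic)."""
    ts: str
    src: str
    dst_ip: str
    dst_domain: Optional[str]
    malicious: bool  # constructed ground truth, used only for scoring


# Constructed indicator set (hypothetical contexts).
CTI: List[Indicator] = [
    Indicator("ip", "203.0.113.45", "constructed: C2 server, family A"),
    Indicator("cidr", "198.51.100.0/24", "constructed: hosting range abused by family A"),
    Indicator("domain", "evil.example", "constructed: phishing kit landing domain"),
]

# Constructed flow records standing in for the raw evidence an investigator would face.
FLOWS: List[Flow] = [
    Flow("2019-05-01T08:00:01Z", "10.0.0.5", "93.184.216.34", "example.com", False),
    Flow("2019-05-01T08:00:07Z", "10.0.0.5", "203.0.113.45", None, True),            # hits ip
    Flow("2019-05-01T08:01:12Z", "10.0.0.7", "198.51.100.23", "cdn.example.net", False),  # benign, but in listed range
    Flow("2019-05-01T08:02:40Z", "10.0.0.9", "192.0.2.10", "login.evil.example", True),   # hits subdomain
    Flow("2019-05-01T08:02:41Z", "10.0.0.9", "192.0.2.11", "notevil.example", False),     # must NOT match
    Flow("2019-05-01T08:03:05Z", "10.0.0.12", "198.51.100.200", None, True),         # hits cidr
    Flow("2019-05-01T08:03:30Z", "10.0.0.12", "192.0.2.77", "updates.example.org", False),
    Flow("2019-05-01T08:04:00Z", "10.0.0.15", "192.0.2.200", None, True),            # malicious, no indicator
    Flow("2019-05-01T08:04:20Z", "10.0.0.15", "93.184.216.34", "example.com", False),
    Flow("2019-05-01T08:05:00Z", "10.0.0.20", "192.0.2.5", "mail.example.com", False),
]


def indicator_matches(ind: Indicator, flow: Flow) -> bool:
    """True when the flow's destination is covered by the indicator."""
    if ind.kind == "ip":
        return flow.dst_ip == ind.value
    if ind.kind == "cidr":
        return ip_address(flow.dst_ip) in ip_network(ind.value, strict=False)
    if ind.kind == "domain":
        if flow.dst_domain is None:
            return False
        d = flow.dst_domain.lower().rstrip(".")
        # Exact match or a true subdomain; a plain suffix test would also
        # match 'notevil.example', so the label boundary '.' is required.
        return d == ind.value or d.endswith("." + ind.value)
    raise ValueError(f"unknown indicator kind {ind.kind!r}")


def triage(flows: List[Flow], indicators: List[Indicator]) -> List[Tuple[Flow, List[Indicator]]]:
    """Return (flow, matching indicators) for every flow that touches CTI."""
    hits = []
    for f in flows:
        matched = [i for i in indicators if indicator_matches(i, f)]
        if matched:
            hits.append((f, matched))
    return hits


def score(flows: List[Flow], hits: List[Tuple[Flow, List[Indicator]]]) -> Dict[str, float]:
    """Accuracy, precision and recall of the triage against ground truth,
    plus how much of the evidence volume the investigator still has to read."""
    flagged = {f for f, _ in hits}
    tp = sum(1 for f in flows if f.malicious and f in flagged)
    fp = sum(1 for f in flows if not f.malicious and f in flagged)
    fn = sum(1 for f in flows if f.malicious and f not in flagged)
    tn = sum(1 for f in flows if not f.malicious and f not in flagged)
    return {
        "accuracy": (tp + tn) / len(flows),
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        "examined": len(hits),
        "total": len(flows),
    }


if __name__ == "__main__":
    hits = triage(FLOWS, CTI)
    for f, matched in hits:
        print(f.ts, f.src, "->", f.dst_domain or f.dst_ip, "|", "; ".join(i.context for i in matched))
    print(score(FLOWS, hits))
```

On this constructed data the triage leaves 4 of 10 records for the investigator, with one false positive (a benign CDN fetch inside a listed hosting range) and one miss (a malicious connection to infrastructure no indicator covers). The miss is the important caveat: CTI-driven reduction only reaches incidents whose infrastructure is already known, so the recall figure is bounded by indicator coverage, not by the matching logic.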


Author(s):  
Minsu Won ◽  
Hyeonmi Kim ◽  
Gang-Len Chang

For incident response operations to be appreciated by the general public, it is essential that the responsible highway agencies are capable of providing an estimated clearance duration for a detected incident that is reliable enough for motorists to make proper decisions, such as selecting a detour route. Depending on the estimated clearance duration, the incident response center can then implement the appropriate strategy for interacting with motorists, ranging from providing incident information only to executing mandatory detouring operations. This study presents a knowledge-based system to meet this need, built on the detailed incident reports collected by the Maryland CHART (Coordinated Highway Action Response Team) program between 2012 and 2016. The proposed system features interval-based estimates derived from historical data, with a different confidence level for each estimated incident clearance duration, and a rule-based structure that allows convenient updates with new data and with the expertise of field operators. As some key variables associated with incident duration often only become available as clearance operations progress, the sequential nature of the developed system allows users to dynamically revise the estimated duration when additional data have been reported. Preliminary evaluation results show the promise of the developed system which, with its invaluable historical information, can circumvent the many data quality and availability issues that have long limited the applicability of some state-of-the-art models on this subject.

