Research Article
Real-Time Forensics Through Endpoint Visibility
@INPROCEEDINGS{10.1007/978-3-319-73697-6_2,
  author={Peter Kieseberg and Sebastian Neuner and Sebastian Schrittwieser and Martin Schmiedecker and Edgar Weippl},
  title={Real-Time Forensics Through Endpoint Visibility},
  proceedings={Digital Forensics and Cyber Crime. 9th International Conference, ICDF2C 2017, Prague, Czech Republic, October 9-11, 2017, Proceedings},
  proceedings_a={ICDF2C},
  year={2018},
  month={1},
  keywords={Digital forensics, Real-time forensics, Forensic process, Endpoint visibility},
  doi={10.1007/978-3-319-73697-6_2}
}
- Peter Kieseberg
- Sebastian Neuner
- Sebastian Schrittwieser
- Martin Schmiedecker
- Edgar Weippl
Year: 2018
ICDF2C
Springer
DOI: 10.1007/978-3-319-73697-6_2
Abstract
Over the last years, an established forensic process has been in place that is known to every investigator and researcher. This traditional process is regarded as producing valid evidence when it comes to court trials and, more importantly, it specifies on a very precise level how to acquire a suspect's machine and handle the data within. However, when new technologies come into play, certain constraints appear: when an incident occurs in a network containing thousands of machines, like a global corporate network, there is no such thing as shutting down and sending an investigation team. Moreover, the question arises: is this an isolated incident, or are there any other clients affected?