SYSTEM AND METHOD OF FORENSICS EVIDENCE COLLECTION AT THE TIME OF INFRINGEMENT OCCURRENCE


Bibliographic details
Main authors: CHOI, YUN HO; KIM, SANG KON; SEO, SEUNG WOO; RHEE, MYUNG SOO; MOON, HO KUN; KANG, YU; PARK, CHONG HO; CHOE, JIN GI
Format: Patent
Language: eng
Description
Abstract: A system and a method for collecting forensics evidence data at the time of intrusion occurrence are provided, to effectively collect and store electronic evidence data relative to the intrusion occurrence time point by calculating and using the severity of an attack derived from a relationship analysis of an IDS log, a system log, and environment setting information. When an intrusion occurs in a monitored/protected target system (22), an intrusion determiner (23) calculates the risk of the attack by receiving the log information recorded in the target system and analyzing the relationship between the environment setting information and the log information of the target system. The intrusion determiner determines which intrusion log information is to be stored based on the calculated severity and orders the target system to transmit that intrusion log information at the intrusion occurrence time point. A forensics data collector (21) collects and stores the intrusion log information received from the target system. An intrusion accident processor (25) traces the attacker by analyzing and drawing inferences from the intrusion log information.