An investigative framework for incident analysis

Abstract

A computer incident occurs in a larger context than just a computer network. Because of this, investigators need a holistic forensic framework to analyze incidents in their entire context. This paper presents a framework that organizes incidents into social, logical and physical levels in order to analyze them in their entirety (including the human and physical factors) rather than from a purely technical viewpoint. The framework applies the six investigative questions – who, what, why, when, where and how – to the individual stages of an incident as well as to the entire incident. The utility of the framework is demonstrated using an insider threat case study, which shows where the evidence may be found in order to conduct a successful investigation.

Cite

Blackwell, C. (2011). An investigative framework for incident analysis. In IFIP Advances in Information and Communication Technology (Vol. 361, pp. 23–34). Springer New York LLC. https://doi.org/10.1007/978-3-642-24212-0_2
