%0 Conference Proceedings
%T An Investigative Framework for Incident Analysis
%+ Oxford Brookes University
%A Blackwell, Clive
%Z Part 1: THEMES AND ISSUES
%< avec comité de lecture
%( IFIP Advances in Information and Communication Technology
%B 7th Digital Forensics (DF)
%C Orlando, FL, United States
%Y Gilbert Peterson
%Y Sujeet Shenoi
%I Springer
%3 Advances in Digital Forensics VII
%V AICT-361
%P 23-34
%8 2011-01-31
%D 2011
%R 10.1007/978-3-642-24212-0_2
%K Incident framework
%K security architecture
%K investigative questions
%Z Computer Science [cs]Conference papers
%X A computer incident occurs in a larger context than just a computer network. Because of this, investigators need a holistic forensic framework to analyze incidents in their entire context. This paper presents a framework that organizes incidents into social, logical and physical levels in order to analyze them in their entirety (including the human and physical factors) rather than from a purely technical viewpoint. The framework applies the six investigative questions – who, what, why, when, where and how – to the individual stages of an incident as well as to the entire incident. The utility of the framework is demonstrated using an insider threat case study, which shows where the evidence may be found in order to conduct a successful investigation.
%G English
%Z TC 11
%Z WG 11.9
%2 https://inria.hal.science/hal-01569558/document
%2 https://inria.hal.science/hal-01569558/file/978-3-642-24212-0_2_Chapter.pdf
%L hal-01569558
%U https://inria.hal.science/hal-01569558
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-AICT
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-DF
%~ IFIP-WG11-9
%~ IFIP-AICT-361