Article; Proceedings Paper

Detecting data theft using stochastic forensics

Journal

DIGITAL INVESTIGATION
Volume 8, Issue -, Pages S71-S77

Publisher

ELSEVIER SCI LTD
DOI: 10.1016/j.diin.2011.05.009

Keywords

Data theft; Stochastic forensics; Data breach; Data exfiltration; Filesystem forensics; MAC times; Forensics of emergent properties

We present a method to examine a filesystem and determine if and when files were copied from it. We develop this method by stochastically modeling filesystem behavior under both routine activity and copying, and identifying emergent patterns in MAC timestamps unique to copying. These patterns are detectable even months afterwards. We have successfully used this method to investigate data exfiltration in the field. Our method presents a new approach to forensics: by looking for stochastically emergent patterns, we can detect silent activities that lack artifacts. (C) 2011 Grier. Published by Elsevier Ltd. All rights reserved.
