NORMA eResearch @NCI Library

A Computer Forensic Methodology.

McGrath, Niall (2005) A Computer Forensic Methodology. Masters thesis, Dublin, National College of Ireland.

[thumbnail of Master of Science]
PDF (Master of Science)
Download (3MB) | Preview


Cybercrime is the name given to a recent phenomenon that covers computer fraud, theft of intellectual property or confidential data, harassment, defacement of a website, illegal use or abuse of a network or the perpetration of any crime with the use of a computer. At present the Cybercriminal is fully equipped to operate with relative impunity.
SYSTEM5 is proposed as an integrated methodology to address the problem of Cybercrime. It consists of five phases: (i) pre-incident, (ii) incident/formulation of a response strategy, (iii) incident/computer forensics process, (iv) post-incident and (v) legal phase.
It profiles the Cybercriminal's motivations and techniques of attack; it models the computer attack, determines the attacker's objectives during each phase and enables the formulation of a response strategy. The response strategy encompasses evidence retrieval and analysis which is carried out within legal constraints and requirements.
A prototype Expert System in Prolog was implemented. The approach was evaluated by an independent group of experts who concluded that SYSTEM5 contributes significantly to the domain of computer forensics. They also concluded that the methodology is capable of deployment in a variety of legal jurisdictions.
The research identifies potential avenues for expansion through the addition of new attack vectors and the refinement of the Expert System.
Keywords: Computer Forensics, Attack Model, Adversary Model, Vulnerability, Worm, Virus, Computer Incident Response, Artificial Intelligence (AI), Expert System (Shell), Inference Engine, Prolog, Unified Modelling Language (UML), Chain of Custody, Search and Seizure, Evidence Retrieval, Forensic Duplication, Bit Level Image, Expert Witness Testimony, Local Area Network (LAN), Transmission Control Protocol/Internet Protocol (TCPIIP), Intrusion Detection System (IDS).

Item Type: Thesis (Masters)
Subjects: Z Bibliography. Library Science. Information Resources > ZA Information resources > ZA4150 Computer Network Resources > The Internet
T Technology > TK Electrical engineering. Electronics. Nuclear engineering > Telecommunications > The Internet
H Social Sciences > HV Social pathology. Social and public welfare > Criminology > Crimes and Offences > Cyber Crime
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Masters by Research
Depositing User: SINEAD CORCORAN
Date Deposited: 05 Aug 2010 09:13
Last Modified: 27 Apr 2012 14:06

Actions (login required)

View Item View Item