Internet Archive Scholar

Holmes: A data theft forensic framework

Ramya Jayaram Masti, Vincent Lenders, Mario Strasser, Stefan Engel, Bernhard Plattner
2011 2011 IEEE International Workshop on Information Forensics and Security  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (183.6 kB)
https://web.archive.org/web/20190303191423/http://www.lenders.ch:80/publications/conferences/wifs11.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL. The file type is application/pdf.

This paper presents Holmes, a forensic framework for postmortem investigation of data theft incidents in enterprise networks. Holmes pro-actively collects potential evidence from hosts and the network for correlation analysis at a central location. In order to optimize the storage requirements for the collected data, Holmes relies on compact network and host data structures. We evaluate the theoretical storage requirements of Holmes in average networks and quantify the improvements compared to
more » ... aw data collection alternatives. Finally, we present the application of Holmes to two realistic data theft investigation scenarios and discuss how combining network and host data can improve the efficiency and reliability of these investigations.
doi:10.1109/wifs.2011.6123144 dblp:conf/wifs/MastiLSEP11 fatcat:f6oo3ifqxvhsjnkqenmlb5cnqe
Citation

Ramya Jayaram Masti, Vincent Lenders, Mario Strasser, Stefan Engel, Bernhard Plattner. "Holmes: A data theft forensic framework." 2011 IEEE International Workshop on Information Forensics and Security (2011) 1-6