Forensix: A Robust, High-Performance Reconstruction System

I
ICDCSW
2005
Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05)
Abstract - Forensix: A Robust, High-Performance Reconstruction System

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Ashvin Goel Articles by Wu-chang Feng Articles by David Maier Articles by Wu-chi Feng Articles by Jonathan Walpole

Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05)

Columbus, Ohio, USA

June 06-June 10

ISBN: 0-7695-2328-5

	ASCII Text	x
	Ashvin Goel, Wu-chang Feng, David Maier, Wu-chi Feng, Jonathan Walpole, "Forensix: A Robust, High-Performance Reconstruction System," Distributed Computing Systems Workshops, International Conference on, vol. 2, pp. 155-162, Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05), 2005.

	BibTex	x
	@article{ 10.1109/ICDCSW.2005.62, author = {Ashvin Goel and Wu-chang Feng and David Maier and Wu-chi Feng and Jonathan Walpole}, title = {Forensix: A Robust, High-Performance Reconstruction System}, journal ={Distributed Computing Systems Workshops, International Conference on}, volume = {2}, year = {2005}, issn = {1545-0678}, pages = {155-162}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICDCSW.2005.62}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Distributed Computing Systems Workshops, International Conference on TI - Forensix: A Robust, High-Performance Reconstruction System SN - 1545-0678 SP155 EP162 A1 - Ashvin Goel, A1 - Wu-chang Feng, A1 - David Maier, A1 - Wu-chi Feng, A1 - Jonathan Walpole, PY - 2005 KW - null VL - 2 JA - Distributed Computing Systems Workshops, International Conference on ER -

Ashvin Goel, University of Toronto

Wu-chang Feng, Portland State University

David Maier, Portland State University

Wu-chi Feng, Portland State University

Jonathan Walpole, Portland State University

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICDCSW.2005.62

When computer intrusions occur, one of the most costly, time-consuming, and human-intensive tasks is the analysis and recovery of the compromised system. At a time when the cost of human resources dominates the cost of CPU, network, and storage resources, we argue that computing systems should, in fact, be built with automated analysis and recovery as a primary goal. Towards this end, we describe the design, implementation, and evaluation of Forensix: a robust, high-precision reconstruction and analysis system for supporting the computer equivalent of "TiVo".

Forensix uses three key mechanisms to improve the accuracy and reduce the human overhead of performing forensic analysis. First it performs comprehensive monitoring of the execution of a target system at the kernel event level, giving a high-resolution, application-independent view of all activity. Second, it streams the kernel event information, in real-time, to append-only storage on a separate, hardened, logging machine, making the system resilient to a wide variety of attacks. Third, it uses database technology to support high-level querying of the archived log, greatly reducing the human cost of performing forensic analysis.

Citation:

Ashvin Goel, Wu-chang Feng, David Maier, Wu-chi Feng, Jonathan Walpole, "Forensix: A Robust, High-Performance Reconstruction System," icdcsw, vol. 2, pp.155-162, Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.