Cloud, Digital, SaaS, Enterprise 2.0, Enterprise Software, CIO, Social Media, Mobility, Trends, Markets, Thoughts, Technologies, Outsourcing


Contact Me:

Linkedin Facebook Twitter Google Profile


wwwThis Blog
Google Book Search



  • Creative Commons License
  • This page is powered by Blogger. Isn't yours?
Enter your email address below to subscribe to this Blog !

powered by Bloglet


Saturday, March 12, 2005

Process Forensics :Snapshots Of Digital Footprints

Internet growth in the U.S. is around 2 million new users each month, according to the U.S. Department of Commerce, and security-related incidents have increased every year since 1998 and doubled from 2001 to 2003, according to the CERT Coordination Center.Checkpointing software is a computer tool designed to allow administrators to backup and recover data and more smoothly introduce new systems into a network.Process forensics involves extracting information from a process’s address space for the purpose of finding digital evidence pertaining to a computer crime. The tool stores the state of a running program, or process, so that it can be restarted from that point.
Researchers from the University of Florida have combined the concept of checkpointing with that of intrusion detection - determining when an unauthorized user is accessing a computer - to come up with a new tool that could help in computer crime investigations. Like in the real world,computer forensics involves determining who did what after an attack has taken place. Although intrusion prevention is the ultimate goal, as long as intruders continue to be successful, there's a need for good ways to collect data concerning intrusions.

Forensic investigators looking for evidence of a computer crime typically analyze several types of files looking for data that will allow them to piece together computer activity
. These include log files, which keep track of computer events; swap files, which are used by the computer as a temporary holding space for data and could still house evidence of the illicit computer activity; and unallocated space and slack space, which may contain data from files that were deleted but have not yet been completely overwritten. In contrast to this data saved in files, checkpointing saves data that resides in memory and is usually discarded when it is no longer needed by the process or when the computer is turned off.

ThinkExist.com Quotes
Sadagopan's Weblog on Emerging Technologies, Trends,Thoughts, Ideas & Cyberworld
"All views expressed are my personal views are not related in any way to my employer"