NotesFAQContact Us
Search Tips
ERIC Number: ED556660
Record Type: Non-Journal
Publication Date: 2013
Pages: 154
Abstractor: As Provided
Reference Count: N/A
ISBN: 978-1-3037-2866-2
Linux Incident Response Volatile Data Analysis Framework
McFadden, Matthew
ProQuest LLC, D.C.S. Dissertation, Colorado Technical University
Cyber incident response is an emphasized subject area in cybersecurity in information technology with increased need for the protection of data. Due to ongoing threats, cybersecurity imposes many challenges and requires new investigative response techniques. In this study a Linux Incident Response Framework is designed for collecting volatile data during an incident response in cybercrime investigations. The theoretical model allows a forensics and/or intrusion investigator to perform an incident response, and aids in volatile data collection for triage analysis during an investigation. The methodology and framework with associated program is called LinuxIR. LinuxIR is an effective tool for investigators performing incident response to gather volatile data and perform analysis in cybercrime investigations and is effective in collecting substantial information related to detection of malicious indicators for investigative analysis. The framework was found to preserve evidence and provides a minimal digital footprint due to the speed of the program being executed, minimal memory footprint, physical size of program, and number lines of code. The LinuxIR framework worked effectively against all of the Linux distributions validated against. These included Ubuntu, Debian, Mageia, Mint, and Fedora. Finally, the LinuxIR framework was easy to use, flexible, and required minimal interaction by the responder to collect data for investigative analysis. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page:]
ProQuest LLC. 789 East Eisenhower Parkway, P.O. Box 1346, Ann Arbor, MI 48106. Tel: 800-521-0600; Web site:
Publication Type: Dissertations/Theses - Doctoral Dissertations
Education Level: N/A
Audience: N/A
Language: English
Sponsor: N/A
Authoring Institution: N/A