
A Model of Computer Forensic Logging and Analysis

Glasgow East-117
1500-1550
Thursday 28 August 2008

A lot of "forensic" data gets collected, but most of it is useless for accurately and provably (or even measurably) understanding what happened previously on a computer system. Forensic techniques could have broad applications: analyzing attacks, supporting compliance, serving as legal evidence, and, in particular, analyzing the behavior of insiders, where typical access control and intrusion detection techniques would prevent legitimate users from doing their jobs. However, current forensic techniques have limited usefulness.

Our research has sought to enable analysis of many types of attacks, including multi-step intrusions, insider attacks, worms, and client-side scripting exploits. We have focused on systematic approaches to forensic logging and analysis, with the goal of making system and network audit logs more useful and usable. Our goal is to record better, potentially useful data designed specifically for forensic analysis, as opposed to data collected simply for high-level debugging, performance measurement, or accounting. We do this by turning the typical procedure around and asking, "given a set of intrusions, what data do we need to record in order to analyze those intrusions?" We also ask the converse, "given a system instrumented normally to record a set of data, what intrusions can we analyze?" The results of our approach have shown promise for allowing more accurate and efficient forensic analysis.

Bio:

Sean Peisert is a postdoc at the University of California, Davis, where he does research in computer security. He is particularly interested in computer forensic analysis, intrusion detection, vulnerability analysis, security policy modeling, electronic voting, and doing empirical studies and real science to measure problems and validate solutions. Previously, he was a postdoc and lecturer in the Computer Science and Engineering department at the University of California, San Diego (UCSD), was a computer security researcher at the San Diego Supercomputer Center (SDSC), and co-founded a now-defunct software company. He has other interests, too. Dr. Peisert received his Ph.D., Master's and Bachelor's degrees in Computer Science from UCSD, where his dissertation focused on developing a systematic approach to forensic logging. He is an I3P Fellow and is a Fellow of the San Diego Supercomputer Center.