IT-Incident Management & IT-Forensics




Oliver Göbel, Dirk Schadt, Sandra Frings, Hardo Hase, Detlef Günther, Jens Nedon (Eds.)

IT-Incident Management & IT-Forensics
Conference Proceedings
October 18th-19th, 2006, Stuttgart, Germany

Special Interest Group Security, Intrusion Detection and Response (SIDAR)
Gesellschaft für Informatik 2006

Lecture Notes in Informatics (LNI) - Proceedings
Series of the Gesellschaft für Informatik (GI)
Volume P-97
ISBN 978-3-88579-191-1
ISSN 1617-5468

Volume Editors
Oliver Göbel, Stabsstelle DV-Sicherheit der Universität Stuttgart (RUS-CERT), Breitscheidstraße 2, 70197 Stuttgart, Germany, Email: goebel@cert.uni-stuttgart.de
Dirk Schadt, Computer Associates GmbH, Darmstadt, Germany
Sandra Frings, Fraunhofer Institut für Arbeitswirtschaft und Organisation IAO, Stuttgart, Germany
Hardo Hase, IT-Consulting Hardo G. Hase, Bexbach, Germany
Detlef Günther, Volkswagen AG, CERT-VW, Wolfsburg, Germany
Jens Nedon, ConSecur GmbH, Meppen, Germany

Series Editorial Board
Heinrich C. Mayr, Universität Klagenfurt, Austria (Chairman, mayr@ifit.uni-klu.ac.at)
Jörg Becker, Universität Münster, Germany
Ulrich Furbach, Universität Koblenz, Germany
Axel Lehmann, Universität der Bundeswehr München, Germany
Peter Liggesmeyer, TU Kaiserslautern und Fraunhofer IESE, Germany
Ernst W. Mayr, Technische Universität München, Germany
Heinrich Müller, Universität Dortmund, Germany
Heinrich Reinermann, Hochschule für Verwaltungswissenschaften Speyer, Germany
Karl-Heinz Rödiger, Universität Bremen, Germany
Sigrid Schubert, Universität Siegen, Germany
Dissertations: Dorothea Wagner, Universität Karlsruhe, Germany
Seminars: Reinhard Wilhelm, Universität des Saarlandes, Germany

Gesellschaft für Informatik, Bonn 2006
Printed by Köllen Druck+Verlag GmbH, Bonn

Preface

Information technology has become crucial to almost every part of society. IT infrastructures are critical to the worldwide economy, the financial sector, the health sector, government administration, the military, and the educational sector. Because of this importance, the disruption or loss of IT capabilities results in a massive reduction of operability. Hence, IT security is continuously gaining importance and has become technically essential to IT infrastructures.

Although security is nowadays usually integrated into the design process of IT systems, the process of maintaining security during the operation of IT infrastructure still receives too little attention in most cases. In particular, the capability to manage and respond to IT security incidents, and to analyse them forensically, is only rarely established. The quickly rising number of security incidents worldwide makes it essential to implement incident management capabilities that target the mitigation of immediate consequences to an organisation's own infrastructure. The need for subsequent forensic analysis of selected cases, to gather evidence on the incident's details and to prepare that information for lawsuits or to avert unwarranted liability claims from aggrieved third parties, is also constantly growing.

In order to advance the fields of IT Incident Management and IT Forensics, the special interest group Security, Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) organises the annual International Conference on IT Incident Management and IT Forensics (IMF), bringing together experts from throughout the world to discuss the state of the art in these areas. IMF promotes collaboration and exchange of ideas between industry, academia, law enforcement and other government bodies. IMF 2006 is supported with keynotes by the German Federal Ministry of the Interior (BMI) and the US National Institute of Standards and Technology (NIST).

The organising committee would like to thank all persons who helped in realising the conference: especially the authors, whose papers and presentations make up the essence of the conference; the members of the program committee, who reviewed and evaluated the submitted papers and whose professional competence ensures the scientific quality of the program; and the sponsors who supported the conference.

Oliver Göbel, Sandra Frings, Detlef Günther, Hardo Hase, Jens Nedon and Dirk Schadt

Program Committee
Henrik Becker, Kanzlei Becker, Germany
Vlasti Broucek, University of Tasmania, Australia
Ian Bryant, NISCC, UK
Brian Carrier, CERIAS, USA
Andrew Cormack, UKERNA, UK
Herve Debar, France Telecom, France
Ralf Dörrie, Telekom CERT, Germany
Maximilian Dornseif, University of Mannheim, Germany
Ulrich Emmert, esb Rechtsanwälte Stuttgart, Germany
Günther Ennen, BSI/CERT-Bund, Germany
Christoph Fischer, BFK-Consulting, Germany
Sandra Frings, Fraunhofer IAO, Germany
Oliver Göbel, RUS-CERT, Universität Stuttgart, Germany
Dieter Gollmann, TU Hamburg-Harburg, Germany
Detlef Günther, Cert-VW, Volkswagen AG, Germany
Bernhard Hämmerli, ACRIS GmbH, Switzerland
Hardo G. Hase, IT-Consulting Hardo G. Hase, Germany
Mark Hoekstra, IT Forensic BV, Netherlands
Klaus Peter Kossakowski, DFN-CERT, Germany
Thorsten Lieb, Avocado Rechtsanwälte Frankfurt, Germany
Jim Lyle, NIST CFTT, USA
Neil Mitchison, Joint Research Centre, EU
Jens Nedon, Consecur GmbH, Germany
Jason Rafail, CERT/CC, USA
Damir Rajnovic, CISCO-PSIRT, USA
Gavin Reid, CISCO-INFOSEC, USA
Dirk Schadt, CA, Germany
Christian Schaller, SIEMENS-CERT, Germany
Rolf Schulz, gnsec, Germany
Marco Thorbruegge, ENISA, EU
Helmut Ujen, Bundeskriminalamt, Germany
Andreas Wagner, Frontrunner FZ LLC, Dubai
Stephen Wolthusen, Gjovik University College, Norway

Organising Committee
General Chair: Dirk Schadt, CA, Germany
Hardo G. Hase, IT-Consulting Hardo G. Hase, Germany
Sandra Frings, Fraunhofer IAO, Germany
Oliver Göbel, RUS-CERT, Universität Stuttgart, Germany
Detlef Günther, Volkswagen AG, Germany
Jens Nedon, Consecur GmbH, Germany
Program Chair: Oliver Göbel, RUS-CERT, Universität Stuttgart, Germany, goebel@cert.uni-stuttgart.de
Sponsor Chair: Dirk Schadt, CA, Germany, dirk.schadt@gmail.com

Keynotes
Dr. Stefan Grosse, Bundesministerium des Inneren (BMI) der Bundesrepublik Deutschland
James R. Lyle, National Institute of Standards and Technology (NIST): The Contribution of Tool Testing to the Challenge of Responding to an IT Adversary

Invited Speaker
Andrea Rigioni, Symantec Corp.: Incident Response and the Role of External Services

Table of Contents
The Contribution of Tool Testing to the Challenge of Responding to an IT Adversary (Keynote) (Jim Lyle) ... 6
Incident Response and the Role of External Services (Invited Speech) (Andrea Rigioni) ... 14
Technical Development of Cyber Crime (Rolf Schulz) ... 23
Establishing a Centre for Information Security: Experiences from the Trial Period and Recommendations to Similar Initiatives (Maria B. Line, Lillian Røstad) ... 43
CarmentiS: A Co-Operative Approach Towards Situation Awareness and Early Warning for the Internet (Bernd Grobauer, Jens Ingo Mehlau, Jürgen Sander) ... 55
Effectiveness of Proactive CSIRT Services (Johannes Wiik, Jose J. Gonzalez, Klaus-Peter Kossakowski) ... 67
A Distributed Security Announcement Authoring System with CAIF Support (Anselm R. Garbe, Oliver Goebel) ... 82
Automated Resolving of Security Incidents as a Key Mechanism to Fight Massive Infections of Malicious Software (Jochen Kaiser, Alexander Vitzthum, Peter Holleczek, Falco Dressler) ... 92
Pool Allocations as an Information Source in Windows Memory Forensics (Andreas Schuster) ... 104
A Comparative Study of Teaching Forensics at a University Degree Level (Philip Anderson, Maximilian Dornseif, Felix C. Freiling, Thorsten Holz, Alastair Irons, Christopher Laing, Martin Mink) ... 116
Monitoring of Incident Response Management Performance (Maria B. Line, Eirik Albrechtsen, Stig Ole Johnsen, Odd Helge Longva, Stefanie Hillen) ... 128
Detecting New Patterns of Attacks: Results and Applications of Large Scale Sensoring Networks (Thorsten Voss, Klaus-Peter Kossakowski) ... 144