The article offers a method for rapid analysis of information security events based on the representation of an incident as a set of events consisting of impacts on files. The method involves using a database of identified impact templates, where initial data is the NTFS volume change log entries - SUsnJrnl. An algorithm for searching and classifying impacts on the files using templates is considered. The proposed method of rapid analysis allows you to determine the order of events within the framework of the incident under investigation, reducing the number of analyzed data arrays to one - SUsnJrnl log.
|投稿的翻译标题||A METHOD FOR RAPID ANALYSIS OF EVENTS RELATED TO IMPACTS ON FILES DESIGNED TO INVESTIGATE INFORMATION SECURITY INCIDENTS|
|州||Published - 2020|
- 50.00.00 AUTOMATION. COMPUTER ENGINEERING
Level of Research Output
- VAK List