Research Article

Manual Data Retrieval from Linux Systems in Incident Response Processes

Year 2022, Volume: 34 Issue: 2, 79 - 88, 30.09.2022

Abstract

Nowadays, Advanced Persistent Threat (APT) groups target different types of companies. Their purpose is to obtain organizations' confidential data. To detect such attacks, all endpoints in an organization should be monitored and analyzed by a Security Operations Center team. At the same time, human resources are required to manage these systems. In addition, these systems generally work on Windows, and solutions that support Linux are less successful. For these reasons, it is considered that there is a difficulty in operating incident response processes on Linux systems. This article proposes a solution to the identified difficulty. In incident response processes, studies were carried out to obtain data from devices running the Linux operating system, and their outputs are reported. In summary, incident response processes were completed with fast and accurate results on most Linux-based operating systems using the solution method presented in this article.

Olay Müdahale Süreçlerinde Linux Sistemlerden Manuel Veri Toplama (Manual Data Collection from Linux Systems in Incident Response Processes)


Abstract

Today, attacks by advanced persistent threat (APT) groups target both public institutions and private companies. Attacks by such APT groups can serve many different purposes. Attacks against public institutions in particular are known to have goals such as obtaining confidential state information. Detecting such attacks creates the need to continuously monitor all endpoints in an organization from a central location and to check all activity within the institution or organization. Even when such a system is deployed in an institution or organization, human resources are needed to carry out the required examination and analysis on these systems. In addition, these systems are generally Windows-focused, and the effectiveness of those that support Linux is quite low. Linux systems remain a blind spot in this setup. Even when monitoring is in place, detecting and investigating exposure to an attack of the type described is not successful with the enterprise solutions currently in use. For these reasons, it was assessed that there is a difficulty in operating incident response processes on Linux systems. This article presents a solution to the identified difficulty. Work was carried out on obtaining data from devices running the Linux operating system in incident response processes, and the outputs are explained. In summary, using the solution method presented in this article, incident response processes were completed with fast and accurate results on most Linux-based operating systems.

There are 32 citations in total.

Details

Primary Language Turkish
Journal Section FBD
Authors

Mustafa Emre Demir 0000-0002-8324-0127

Sengul Dogan 0000-0001-9677-5684

Türker Tuncer 0000-0002-5126-6445

Publication Date September 30, 2022
Submission Date April 30, 2022
Published in Issue Year 2022 Volume: 34 Issue: 2

Cite

APA Demir, M. E., Dogan, S., & Tuncer, T. (2022). Olay Müdahale Süreçlerinde Linux Sistemlerden Manuel Veri Toplama. Fırat Üniversitesi Fen Bilimleri Dergisi, 34(2), 79-88.
AMA Demir ME, Dogan S, Tuncer T. Olay Müdahale Süreçlerinde Linux Sistemlerden Manuel Veri Toplama. Fırat Üniversitesi Fen Bilimleri Dergisi. September 2022;34(2):79-88.
Chicago Demir, Mustafa Emre, Sengul Dogan, and Türker Tuncer. “Olay Müdahale Süreçlerinde Linux Sistemlerden Manuel Veri Toplama”. Fırat Üniversitesi Fen Bilimleri Dergisi 34, no. 2 (September 2022): 79-88.
EndNote Demir ME, Dogan S, Tuncer T (September 1, 2022) Olay Müdahale Süreçlerinde Linux Sistemlerden Manuel Veri Toplama. Fırat Üniversitesi Fen Bilimleri Dergisi 34 2 79–88.
IEEE M. E. Demir, S. Dogan, and T. Tuncer, “Olay Müdahale Süreçlerinde Linux Sistemlerden Manuel Veri Toplama”, Fırat Üniversitesi Fen Bilimleri Dergisi, vol. 34, no. 2, pp. 79–88, 2022.
ISNAD Demir, Mustafa Emre et al. “Olay Müdahale Süreçlerinde Linux Sistemlerden Manuel Veri Toplama”. Fırat Üniversitesi Fen Bilimleri Dergisi 34/2 (September 2022), 79-88.
JAMA Demir ME, Dogan S, Tuncer T. Olay Müdahale Süreçlerinde Linux Sistemlerden Manuel Veri Toplama. Fırat Üniversitesi Fen Bilimleri Dergisi. 2022;34:79–88.
MLA Demir, Mustafa Emre et al. “Olay Müdahale Süreçlerinde Linux Sistemlerden Manuel Veri Toplama”. Fırat Üniversitesi Fen Bilimleri Dergisi, vol. 34, no. 2, 2022, pp. 79-88.
Vancouver Demir ME, Dogan S, Tuncer T. Olay Müdahale Süreçlerinde Linux Sistemlerden Manuel Veri Toplama. Fırat Üniversitesi Fen Bilimleri Dergisi. 2022;34(2):79-88.