OmniSleuth

Abstract

OmniSleuth provides an integrated environment for the investigation of cyber attacks, including the gathering, preservation, organization, and analysis of evidence. OmniSleuth gives an investigator access to remote computers by supporting the deployment of investigative agents to those computers. An agent is a program that is run on a remote, networked computer by sending the program executable to that remote machine. Typically, agents communicate with one another and can be controlled remotely. OmniSleuth investigative agents observe the state and activity of the host platform and can report on it. The investigator can control these remotely running agents. The reports of individual observations, called events, may be retrieved by the investigator and preserved in a database. The events in this database may then be organized and associated with parts of a hypothesized crime theory, either in support or as a refutation of that theory. OmniSleuth's agent infrastructure is based on the result of an earlier project, the Secure Intrusion Detection Framework (SIDF), which enables the secure deployment of intrusion detection functionality to a network in the form of software agents.

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2002
Accession Number
ADA401114

Entities

People

  • David M. Rosenthal
  • Matt Stillerman

Tags

Communities of Interest

  • Cyber
  • Space

DTIC Thesaurus Topics

  • Air Force Research Laboratories
  • Application Software
  • Computer Networks
  • Computer Programming
  • Computers
  • Denial Of Service Attack
  • Deployment
  • Detection
  • Information Systems
  • Infrastructure
  • Intrusion
  • Intrusion Detection
  • Intrusion Detectors
  • Operating Systems
  • User Interface
  • Web Browsers
  • Word Processors

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Database Systems and Applications
  • Theoretical Analysis

Technology Areas

  • Cyber