#5885. Establishing forensics capabilities in the presence of superuser insider threats
Publication date: August 2026
Proposal available till: 03-06-2025
Total number of authors per manuscript: 4 (0 $)
The title of the journal is available only to authors who have already paid.
Journal's subject area: Law; Information Technology
Places in the authors' list:
Place 1 - free (for sale)
Place 2 - free (for sale)
Place 3 - free (for sale)
Place 4 - free (for sale)
More details about the manuscript: Science Citation Index Expanded and/or Social Sciences Citation Index
Abstract:
Insider threats are increasingly making their way into the headlines of security articles and reports across the globe. It is common practice across organizations to designate employees as administrators with complete administrative or superuser capabilities over the IT infrastructure. In this paper, we argue that superusers holding all administrative and access control capabilities may escape the scrutiny of a forensic investigation and may also become a major obstacle to evidence collection. Through this work, we open a discussion on the forensic aspects of insider threats, with a particular focus on superuser forensics. We identify the anti-forensic administrative privileges of superusers and discuss their forensic repercussions with the help of four generic insider threat cases. As our primary contribution, we identify and define four important requirements for a superuser-immune solution: denying logical access to potential forensic artifacts, timely synchronization and integrity of evidential artifacts, ensuring the execution of legitimate code/services, and notification capabilities. Based on the identified requirements, we propose a forensics-compliant mechanism, the "Log-of-logs server", to counter the inherent anti-forensic capabilities of the superuser. We show that the proposed framework effectively helps establish forensic capabilities in the presence of superusers. We also present a security analysis of our framework and discuss its forensic feasibility.
Keywords:
Insider threat forensics; Insider threats; Superuser; Superuser forensics