{"id":"https://openalex.org/W1991606108","doi":"https://doi.org/10.1145/1940941.1940975","title":"A forensic approach to incident response","display_name":"A forensic approach to incident response","publication_year":2010,"publication_date":"2010-10-01","ids":{"openalex":"https://openalex.org/W1991606108","doi":"https://doi.org/10.1145/1940941.1940975","mag":"1991606108"},"language":"en","primary_location":{"id":"doi:10.1145/1940941.1940975","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1940941.1940975","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2010 Information Security Curriculum Development Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5057394672","display_name":"Trevor Lamis","orcid":null},"institutions":[{"id":"https://openalex.org/I172980758","display_name":"Kennesaw State University","ror":"https://ror.org/00jeqjx33","country_code":"US","type":"education","lineage":["https://openalex.org/I172980758"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Trevor Lamis","raw_affiliation_strings":["Kennesaw State University, MS, Kennesaw, GA","Kennesaw State University, MS, Kennesaw, GA#TAB#"],"affiliations":[{"raw_affiliation_string":"Kennesaw State University, MS, Kennesaw, GA","institution_ids":["https://openalex.org/I172980758"]},{"raw_affiliation_string":"Kennesaw State University, MS, Kennesaw, GA#TAB#","institution_ids":["https://openalex.org/I172980758"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5057394672"],"corresponding_institution_ids":["https://openalex.org/I172980758"],"apc_list":null,"apc_paid":null,"fwci":2.08932785,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.90366947,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"177","last_page":"185"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.9916999936103821,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/incident-response","display_name":"Incident response","score":0.9733785390853882},{"id":"https://openalex.org/keywords/incident-report","display_name":"Incident report","score":0.7072994709014893},{"id":"https://openalex.org/keywords/documentation","display_name":"Documentation","score":0.7060554623603821},{"id":"https://openalex.org/keywords/incident-management","display_name":"Incident management","score":0.6981369256973267},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.563423216342926},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5619750618934631},{"id":"https://openalex.org/keywords/critical-incident-technique","display_name":"Critical Incident Technique","score":0.5313661098480225},{"id":"https://openalex.org/keywords/plan","display_name":"Plan (archaeology)","score":0.5275402069091797},{"id":"https://openalex.org/keywords/crisis-response","display_name":"Crisis response","score":0.4822036027908325},{"id":"https://openalex.org/keywords/response-time","display_name":"Response time","score":0.4637942910194397},{"id":"https://openalex.org/keywords/network-forensics","display_name":"Network forensics","score":0.442476749420166},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.3564871549606323},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.16807126998901367},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.07970714569091797},{"id":"https://openalex.org/keywords/public-relations","display_name":"Public relations","score":0.07126489281654358}],"concepts":[{"id":"https://openalex.org/C2985105721","wikidata":"https://www.wikidata.org/wiki/Q13479512","display_name":"Incident response","level":2,"score":0.9733785390853882},{"id":"https://openalex.org/C2909164965","wikidata":"https://www.wikidata.org/wiki/Q6014597","display_name":"Incident report","level":2,"score":0.7072994709014893},{"id":"https://openalex.org/C56666940","wikidata":"https://www.wikidata.org/wiki/Q788790","display_name":"Documentation","level":2,"score":0.7060554623603821},{"id":"https://openalex.org/C2780952636","wikidata":"https://www.wikidata.org/wiki/Q13479512","display_name":"Incident management","level":2,"score":0.6981369256973267},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.563423216342926},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5619750618934631},{"id":"https://openalex.org/C2779707562","wikidata":"https://www.wikidata.org/wiki/Q1140525","display_name":"Critical Incident Technique","level":2,"score":0.5313661098480225},{"id":"https://openalex.org/C2776505523","wikidata":"https://www.wikidata.org/wiki/Q4785468","display_name":"Plan (archaeology)","level":2,"score":0.5275402069091797},{"id":"https://openalex.org/C2987285537","wikidata":"https://www.wikidata.org/wiki/Q1460420","display_name":"Crisis response","level":2,"score":0.4822036027908325},{"id":"https://openalex.org/C19012869","wikidata":"https://www.wikidata.org/wiki/Q578372","display_name":"Response time","level":2,"score":0.4637942910194397},{"id":"https://openalex.org/C50747538","wikidata":"https://www.wikidata.org/wiki/Q7001032","display_name":"Network forensics","level":3,"score":0.442476749420166},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.3564871549606323},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.16807126998901367},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.07970714569091797},{"id":"https://openalex.org/C39549134","wikidata":"https://www.wikidata.org/wiki/Q133080","display_name":"Public relations","level":1,"score":0.07126489281654358},{"id":"https://openalex.org/C95457728","wikidata":"https://www.wikidata.org/wiki/Q309","display_name":"History","level":0,"score":0.0},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C121684516","wikidata":"https://www.wikidata.org/wiki/Q7600677","display_name":"Computer graphics (images)","level":1,"score":0.0},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1940941.1940975","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1940941.1940975","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2010 Information Security Curriculum Development Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.7799999713897705,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":10,"referenced_works":["https://openalex.org/W1535929991","https://openalex.org/W1988453576","https://openalex.org/W1996734614","https://openalex.org/W2000338805","https://openalex.org/W2007849838","https://openalex.org/W2028303111","https://openalex.org/W2037697692","https://openalex.org/W2066057766","https://openalex.org/W2101843742","https://openalex.org/W2340773416"],"related_works":["https://openalex.org/W3204723561","https://openalex.org/W3199928954","https://openalex.org/W4251008024","https://openalex.org/W612990953","https://openalex.org/W2249861023","https://openalex.org/W4236345345","https://openalex.org/W1991606108","https://openalex.org/W4206206623","https://openalex.org/W4234818878","https://openalex.org/W2160216271"],"abstract_inverted_index":{"An":[0,39],"incident":[1,33,40,93],"response":[2,16,34,41,80,94],"plan":[3],"is":[4,52,65,74],"critical":[5],"for":[6,91],"the":[7,46,49,59,78],"detection":[8],"and":[9,28,44,55,71,81,86,95],"removal":[10],"of":[11,68],"information":[12],"security":[13],"threats.":[14],"Incident":[15],"involves":[17],"many":[18],"aspects":[19],"other":[20],"than":[21],"technical":[22],"issues.":[23],"There":[24],"are":[25],"management,":[26],"legal,":[27],"social":[29],"issues":[30],"that":[31],"an":[32],"team":[35],"needs":[36],"to":[37],"consider.":[38],"identifies,":[42],"contains,":[43],"eliminates":[45],"incident.":[47],"Then,":[48],"compromised":[50],"system":[51],"fully":[53],"recovered":[54],"restored.":[56],"To":[57],"hold":[58],"intruder":[60],"accountable,":[61],"a":[62],"forensic":[63],"investigation":[64],"needed.":[66],"Documentation":[67],"all":[69],"activities":[70],"evidence":[72],"gathering":[73],"crucial":[75],"when":[76],"during":[77],"entire":[79],"investigation.":[82],"The":[83],"paper":[84],"proposes":[85],"discusses":[87],"interconnected":[88],"methodological":[89],"frameworks":[90],"both":[92],"network":[96],"forensics.":[97]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2015,"cited_by_count":2},{"year":2013,"cited_by_count":1},{"year":2012,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}