incubator-alois-commits mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Alois Wiki] Update of "IMF2011" by UrsLerch
Date Sat, 15 Jan 2011 03:10:38 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Alois Wiki" for change notification.

The "IMF2011" page has been changed by UrsLerch.
The comment on this change is: added the chapter conclusions.
http://wiki.apache.org/alois/IMF2011?action=diff&rev1=18&rev2=19

--------------------------------------------------

  
  Of course, Apache ALOIS has to be configured to become a computer forensics platform. But
the configuration has to be done only once. And since it is an open source tool, configuration
can be reused. What has to be done, to make a true computer forensics tool out of Apache ALOIS,
is the task of the extraction of data. In a SIEM this is called an agent. Of course, we wouldn't
dare to propose to rewrite all the great tools used in this area. The meaning of an agent
is the one of a connector. Thus all the tools have to get a connector. This should done by
the vendor of the tool. To make this as easy as possible, Apache ALOIS plans to build a "service
bus" with standardized interfaces. The architecture of such a service bus could look like
this:
  
- {{http://incubator.apache.org/alois/images/Apache%20ALOIS%20Service%20Bus_small.png}}
+ {{http://incubator.apache.org/alois/images/Apache ALOIS Service Bus_small.png}}
  
  Therefore, it will not only be easy to connect a - proprietary or open source - application
to the system. It will also be possible to replace one or another standard moduls of Apache
ALOIS with the one that fits better the own special needs.
  
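Review bot: the `+` line replaces the `%20` escapes in the image URL with literal spaces (`Apache ALOIS Service Bus_small.png`); a space is not a valid URL character, so whether the `{{...}}` image macro still resolves this depends on the wiki re-encoding the path, and a parser that splits on whitespace would cut the link at the first space. The previous encoded form `Apache%20ALOIS%20Service%20Bus_small.png` was correct and should be kept unless the wiki is known to encode attachment paths itself. While this paragraph is being edited, the unchanged context still reads "This should done by the vendor" (missing "be") and "standard moduls" (should be "modules").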
  == Conclusions ==
- [...]
+ Computer forensics is a domain with highly specialised tools from numerous vendors. What
is lacking is an integration platform, where all the data come together and therefore can
be correlated. Apache ALOIS is a SIEM and has already build in correlation. Since it is open
source software, it could be extended to a computer forensics cross-software platform, that
is vendor independent. Moreover, the fact that the software project is part of the Apache
community, guarantees its independence, a commercial-friendly licence and a healthy development.
  
  == References ==
  [...]
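Review bot: the new Conclusions paragraph needs a grammar pass before it is published: "has already build in correlation" should read "already has correlation built in"; "a computer forensics cross-software platform, that is vendor independent" should drop the comma, e.g. "a vendor-independent cross-software platform for computer forensics"; "the fact that the software project is part of the Apache community, guarantees" has a stray comma between subject and verb. "guarantees its independence ... and a healthy development" is also a strong claim for a conclusions section; "supports" or "favours" would be easier to defend. The References section still contains only the `[...]` placeholder, so the citations implied by "numerous vendors" and by the SIEM/correlation claims are not yet on the page.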
