2. Referenced Documents

The following documents describe the DIMS project and provide background material related to tasking.

  1. DIMS Operational Concept Description v 2.9.0
  2. DIMS Architecture Design v 2.9.0
  3. DIMS Test Plan v 2.9.0
  4. HSHQDC-13-C-B0013, “From Local to Global Awareness: A Distributed Incident Management System,” Draft contract, Section C - Statement of Work (marked up version)
  5. MIL-STD-498, Military Standard Software Development and Documentation, AMSC No. N7069, Dec. 1994.
  6. Aldridge, J. Targeted Intrusion Remediation: Lessons from the Front Lines, August 2012. Black Hat USA 2012 Presentation. https://www.mandiant.com/blog/black-hat-usa-2012-presentation-targeted-intrusion-remediation-lessons-front-lines/
  7. Beebe, N. and Clark, J. G. A hierarchical, objectives-based framework for the digital investigations process. Digital Investigation, 2(2):147–167, 2005. http://faculty.business.utsa.edu/nbeebe/pubs/DIP%20Framework%20Journal%20Submission%20v4%20-%20FINAL%20JDI%20author%20copy.pdf
  8. BlueHat Blog. New MAPP Initiatives, July 2013. http://blogs.technet.com/b/bluehat/archive/2013/07/29/new-mapp-initiatives.aspx
  9. Boyd, J. R. (Col.). Boyd’s OODA “Loop” From “The Essence of Winning and Losing”, 2008. Available at http://www.d-n-i.net/fcs/ppt/boyds_ooda_loop.ppt
  10. Ciardhuain, S.O. An Extended Model of Cybercrime Investigations. International Journal of Digital Evidence, 3(1), Summer 2004. http://www.utica.edu/academic/institutes/ecii/publications/articles/A0B70121-FD6C-3DBA-0EA5C3E93CC575FA.pdf
  11. Dittrich, D. PRISEM Analyst’s Handbook, December 2013.
  12. Dittrich, D. PRISEM System Administration Handbook, December 2013.
  13. Dittrich, D. Advanced Incident Response Capabilities Supporting Collaborative and Cooperative Responses. Unpublished manuscript, April 2007.
  14. Dittrich, D. On Developing Tomorrow’s “Cyber Warriors”. In Proceedings of the 12th Colloquium for Information Systems Security Education, June 2008. http://staff.washington.edu/dittrich/misc/cisse2008-dittrich.pdf
  15. Dittrich, D. On the Development of Computer Network Attack Capabilities. Unpublished manuscript, February 2008. This work was performed for the National Research Council under agreement D-235-DEPS-2007-001.
  16. Dittrich, D. The Conflicts Facing Those Responding to Cyberconflict. In USENIX ;login: vol. 34, no. 6, December 2009. http://www.usenix.org/publications/login/2009-12/openpdfs/dittrich.pdf
  17. Executive Office of the President. Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection. http://www.dhs.gov/xabout/laws/gc_1214597989952.shtm, December 2003.
  18. Federal Emergency Management Agency. National Response Framework, January 2008. http://www.fema.gov/pdf/emergency/nrf/nrf-core.pdf
  19. Gragido, W. Understanding Indicators of Compromise (IOC) Part I, October 2012. http://blogs.rsa.com/will-gragido/understanding-indicators-of-compromise-ioc-part-i/
  20. Hamilton, M. and Dittrich, D. An overview of the Public Regional Information Security Event Management Project, December 2013.
  21. Hutchins, E., Cloppert, M. and Amin, R. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. In 6th Annual International Conference on Information Warfare and Security. Lockheed Martin Corporation, December 2011. http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf
  22. Khurana, H., Basney, J., Bakht, M., Freemon, M., Welch, V., and Butler, R. Palantir: A Framework for Collaborative Incident Response and Investigation. In IDtrust ’09: Proceedings of the 8th Symposium on Identity and Trust on the Internet, pages 38–51, New York, NY, USA, April 2009. ACM. http://middleware.internet2.edu/idtrust/2009/papers/05-khurana-palantir.pdf
  23. Ieong, R. S. C. FORZA - Digital forensics investigation framework that incorporate legal issues. Digital Investigation, 3(Supplement-1):29–36, 2006. http://www.dfrws.org/2006/proceedings/4-Ieong.pdf
  24. Mandiant. Using Indicators of Compromise to Find Evil and Fight Crime, August 2011. http://www.us-cert.gov/GFIRST/presentations/2011/Using_Indicators_of_Compromise.pdf
  25. Mandiant. APT1: Exposing One of China’s Cyber Espionage Units, February 2013. http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
  26. Microsoft Developer Network. Chapter 3: Workflow and Process. http://msdn.microsoft.com/en-us/library/bb833024.aspx
  27. The Mitre Corporation. Standardizing Cyber Threat Intelligence Information with the Structured Threat Information eXpression (STIX), 2012. http://makingsecuritymeasurable.mitre.org/docs/STIX-Whitepaper.pdf
  28. Richards, C. Briefings - Colonel John R. Boyd, USAF, November 2009. http://www.ausairpower.net/APA-Boyd-Papers.html