2. Referenced Documents
The following documents describe the DIMS project and provide background material related to tasking.
- DIMS Operational Concept Description v 2.9.0
- DIMS Architecture Design v 2.9.0
- DIMS Test Plan v 2.9.0
- HSHQDC-13-C-B0013, “From Local to Global Awareness: A Distributed Incident Management System,” Draft contract, Section C - Statement of Work (marked up version)
- MIL-STD-498, Military Standard Software Development and Documentation, AMSC No. N7069, Dec. 1994.
- Aldridge, J. Targeted Intrusion Remediation: Lessons from the Front Lines, August 2012. Black Hat USA 2012 Presentation. https://www.mandiant.com/blog/black-hat-usa-2012-presentation-targeted-intrusion-remediation-lessons-front-lines/
- Beebe, N. and Clark, J. G. A hierarchical, objectives-based framework for the digital investigations process. Digital Investigation, 2(2):147–167, 2005. http://faculty.business.utsa.edu/nbeebe/pubs/DIP%20Framework%20Journal%20Submission%20v4%20-%20FINAL%20JDI%20author%20copy.pdf
- Bluehat1. New MAPP Initiatives, July 2013. BlueHat Blog. http://blogs.technet.com/b/bluehat/archive/2013/07/29/new-mapp-initiatives.aspx
- Boyd, J. R. (Col.). Boyd’s OODA “Loop” From “The Essence of Winning and Losing”, 2008. Available at http://www.d-n-i.net/fcs/ppt/boyds_ooda_loop.ppt
- Ciardhuain, S.O. An Extended Model of Cybercrime Investigations. International Journal of Digital Evidence, 3(1), Summer 2004. http://www.utica.edu/academic/institutes/ecii/publications/articles/A0B70121-FD6C-3DBA-0EA5C3E93CC575FA.pdf
- Dittrich, D. PRISEM Analyst’s Handbook, December 2013.
- Dittrich, D. PRISEM System Administration Handbook, December 2013.
- Dittrich, D. Advanced Incident Response Capabilities Supporting Collaborative and Cooperative Responses. Unpublished manuscript, April 2007.
- Dittrich, D. On Developing Tomorrow’s “Cyber Warriors”. In Proceedings of the 12th Colloquium for Information Systems Security Education, June 2008. http://staff.washington.edu/dittrich/misc/cisse2008-dittrich.pdf
- Dittrich, D. On the Development of Computer Network Attack Capabilities. Unpublished manuscript, February 2008. This work was performed for the National Research Council under agreement D-235-DEPS-2007-001.
- Dittrich, D. The Conflicts Facing Those Responding to Cyberconflict. In USENIX ;login: vol. 34, no. 6, December 2009. http://www.usenix.org/publications/login/2009-12/openpdfs/dittrich.pdf
- Executive Office of the President. Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection. http://www.dhs.gov/xabout/laws/gc_1214597989952.shtm, December 2003.
- Federal Emergency Management Agency. National Response Framework, January 2008. http://www.fema.gov/pdf/emergency/nrf/nrf-core.pdf
- Gragido, W. Understanding Indicators of Compromise (IOC) Part I, October 2012. http://blogs.rsa.com/will-gragido/understanding-indicators-of-compromise-ioc-part-i/
- Hamilton, M. and Dittrich, D. An overview of the Public Regional Information Security Event Management Project, December 2013.
- Hutchins, E., Cloppert, M. and Amin, R. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. In 6th Annual International Conference on Information Warfare and Security. Lockheed Martin Corporation, December 2011. http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf
- Ieong, R. S. C. FORZA - Digital forensics investigation framework that incorporate legal issues. Digital Investigation, 3(Supplement-1):29–36, 2006. http://www.dfrws.org/2006/proceedings/4-Ieong.pdf
- Khurana, H., Basney, J., Bakht, M., Freemon, M., Welch, V., and Butler, R. Palantir: A Framework for Collaborative Incident Response and Investigation. In IDtrust ‘09: Proceedings of the 8th Symposium on Identity and Trust on the Internet, pages 38–51, New York, NY, USA, April 2009. ACM. http://middleware.internet2.edu/idtrust/2009/papers/05-khurana-palantir.pdf
- Mandiant. Using Indicators of Compromise to Find Evil and Fight Crime, August 2011. http://www.us-cert.gov/GFIRST/presentations/2011/Using_Indicators_of_Compromise.pdf
- Mandiant. APT1: Exposing One of China’s Cyber Espionage Units, February 2013. http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
- Microsoft Developer Network. Chapter 3: Workflow and Process. http://msdn.microsoft.com/en-us/library/bb833024.aspx
- The Mitre Corporation. Standardizing Cyber Threat Intelligence Information with the Structured Threat Information eXpression (STIX), 2012. http://makingsecuritymeasurable.mitre.org/docs/STIX-Whitepaper.pdf
- Richards, C. Briefings - Colonel John R. Boyd, USAF, November 2009. http://www.ausairpower.net/APA-Boyd-Papers.html