Abstract
This paper proposes a scheme in which the differentiated services field of IP headers is used to logically isolate network traffic for forensic purposes. The scheme is described and two example scenarios are presented to illustrate its utility. The scheme, which is based on standard networking technology, helps achieve isolation without additional network infrastructure. Moreover, the scheme is relatively easy to implement in an existing differentiated services network. The paper also discusses key design and configuration challenges that must be addressed in a successful implementation.
Copyright information
© 2006 IFIP International Federation for Information Processing
About this paper
Cite this paper
Strauss, T., Olivier, M., Kourie, D. (2006). Logical Traffic Isolation Using Differentiated Services. In: Olivier, M.S., Shenoi, S. (eds) Advances in Digital Forensics II. DigitalForensics 2006. IFIP Advances in Information and Communication, vol 222. Springer, Boston, MA. https://doi.org/10.1007/0-387-36891-4_18
DOI: https://doi.org/10.1007/0-387-36891-4_18
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-36890-0
Online ISBN: 978-0-387-36891-7
eBook Packages: Computer Science, Computer Science (R0)