Abstract
The network security approach addresses attacks from the perspective of prevention, detection and mitigation. The alternative approach of network forensics involves investigation and prosecution, which act as a deterrent. Our paper presents a generic process model and reviews various implementations of network forensics. We propose a novel framework to address the research gaps and discuss the work in progress.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Pilli, E.S., Joshi, R.C., Niyogi, R. (2010). A Framework for Network Forensic Analysis. In: Das, V.V., Vijaykumar, R. (eds) Information and Communication Technologies. ICT 2010. Communications in Computer and Information Science, vol 101. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15766-0_21
DOI: https://doi.org/10.1007/978-3-642-15766-0_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15765-3
Online ISBN: 978-3-642-15766-0