A Framework of Network Forensics and its Application of Locating Suspects in Wireless Crime Scene Investigation
Abstract
Digital forensics is the science of laws and technologies fighting computer crimes. It can be divided into two sub-areas, computer forensics and network forensics. Network forensics is still a frontier area of digital forensics and is the focus of this paper. We propose to classify network forensic investigations into three categories based on when law enforcement officers conduct investigations in response to cyber crime incidents. We define proactive investigations as those occurring before cyber crime incidents, real-time investigations as those occurring during cyber crime incidents, and retroactive investigations as those occurring after cyber crime incidents. This classification in terms of incident timing helps us understand the related laws, since the applicable laws differ with investigation timing. We present a holistic study of the relationship between laws and network forensic investigations and believe that this framework provides a solid guide for digital forensic research. For example, the framework tells us that certain strategies (including technologies transformed from attacks against security systems) would violate the Constitution or relevant laws of the United States, which is the focus of this paper. With the guidance of this network forensic framework, we propose HaLo, a hand-held device built from the Nokia n900 smartphone for the real-time localization of a suspect committing crimes in a wireless crime scene. We collect only wireless signal strength information, which requires low-level legal authorization, or none in the case of private investigations on campus. The basic idea of localization is to collect wireless signal strength samples while walking. The position where the maximum signal strength is measured will be a good estimate of the suspect device's location. The key challenge of accurate localization via the hand-held device is that the investigator has to control their walking speed and collect enough wireless signal strength samples.
We found that the digital accelerometer on a smartphone and GPS are often too rough for measuring walking speed. We propose the space sampling theory for effective target signal strength sampling. We validate the localization accuracy via extensive experiments. A video of HaLo is at http://youtu.be/QGhBrt26Q8Y. In this demo, we placed a laptop which was sending out ICMP packets inside one classroom, used HaLo to sniff along the corridor and finally located the laptop.
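The abstract's core idea (walk the corridor, record signal strength, take the position of the maximum as the device estimate) and its stated difficulty (the estimate is only as good as the spatial density of the samples) can be seen in a small simulation. The following Python is an added illustration, not the paper's HaLo code: the log-distance path-loss model, the corridor geometry, the device position and all parameter values are constructed assumptions, and the "one sample within half a step" criterion is this example's own way of expressing why walking speed and sampling rate matter.

```python
"""Added illustration (not the paper's code): estimating a transmitter's position
along a corridor from received signal strength (RSS) samples taken while walking.
Model, geometry and numbers are constructed assumptions for demonstration."""
import math
import random


def rss_dbm(distance_m, tx_power_dbm=-30.0, path_loss_exp=3.0):
    """Assumed log-distance path-loss model: RSS in dBm at distance_m metres.
    Distance is clamped at 1 m so the logarithm is well defined near the source."""
    d = max(distance_m, 1.0)
    return tx_power_dbm - 10.0 * path_loss_exp * math.log10(d)


def sampling_step_m(speed_mps, sample_period_s):
    """Spatial distance between consecutive RSS readings (constructed relation):
    the argmax estimate can be off by up to half of this step even without noise."""
    return speed_mps * sample_period_s


def walk_and_sample(corridor_len_m, device_pos_m, device_offset_m,
                    speed_mps, sample_period_s, noise_db=0.0, seed=0):
    """Simulate an investigator walking a straight corridor at speed_mps, taking
    one RSS reading every sample_period_s. The device sits device_offset_m off the
    corridor axis (inside a room). Returns a list of (x_position_m, rss_dbm)."""
    rng = random.Random(seed)
    step = sampling_step_m(speed_mps, sample_period_s)
    samples = []
    x = 0.0
    while x <= corridor_len_m:
        dist = math.hypot(x - device_pos_m, device_offset_m)
        samples.append((x, rss_dbm(dist) + rng.gauss(0.0, noise_db)))
        x += step
    return samples


def estimate_position(samples, window=3):
    """Smooth RSS with a centred moving average (reduces single-reading spikes)
    and return the x position of the strongest smoothed reading."""
    if len(samples) < window:
        return max(samples, key=lambda s: s[1])[0]
    half = window // 2
    best_x, best_v = None, -math.inf
    for i in range(half, len(samples) - half):
        v = sum(r for _, r in samples[i - half:i + half + 1]) / window
        if v > best_v:
            best_x, best_v = samples[i][0], v
    return best_x


def demo(device_pos_m=22.6, device_offset_m=2.0, corridor_len_m=40.0):
    """Compare a slow, densely sampled walk with a fast, sparsely sampled one.
    Returns (slow_estimate, fast_estimate) in metres along the corridor."""
    slow = walk_and_sample(corridor_len_m, device_pos_m, device_offset_m,
                           speed_mps=1.0, sample_period_s=0.5)   # 0.5 m between samples
    fast = walk_and_sample(corridor_len_m, device_pos_m, device_offset_m,
                           speed_mps=2.0, sample_period_s=2.0)   # 4.0 m between samples
    return estimate_position(slow), estimate_position(fast)


if __name__ == "__main__":
    slow_est, fast_est = demo()
    print(f"true position 22.6 m; slow walk estimate {slow_est:.1f} m; "
          f"fast walk estimate {fast_est:.1f} m")
```

With the same device and corridor, the slow walk (0.5 m between readings) lands within half a step of the true position, while the fast walk (4 m between readings) is off by more than a metre purely because no reading was taken near the peak; adding `noise_db` makes the moving-average window matter as well. This is the quantitative reason the abstract insists that the investigator control walking speed and collect enough samples.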
Similar references
Analyzing registry, log files, and prefetch files in finding digital evidence in graphic design applications
The products of graphic design applications leave behind traces of digital information which can be used during a digital forensic investigation in cases where counterfeit documents have been created. This paper analyzes the digital forensics involved in the creation of counterfeit documents. This is achieved by first recognizing the digital forensic artifacts left behind from the use of graphi...
Cyber Crime Scene Investigations (C²SI) through Cloud Computing
Cloud computing brings opportunities for network forensics tracing Internet criminals in the distributed environment. We may use the new “pay-as-you-go” model of the cloud computing to deploy the on-demand cyber surveillance sentinels and conduct distributed traceback in complicated cyber crime scene investigations. To trace criminals abusing anonymous communication networks such as Tor, law en...
A new SDN-based framework for wireless local area networks
Nowadays wireless networks are becoming important in personal and public communication and growing very rapidly. Similarly, Software Defined Network (SDN) is an emerging approach to overcome challenges of traditional networks. In this paper, a new SDN-based framework is proposed to fine-grained control of 802.11 Wireless LANs. This work describes the benefits of programmable Acc...
An Event-Based Digital Forensic Investigation Framework
In this paper, we present a framework for digital forensics that includes an investigation process model based on physical crime scene procedures. In this model, each digital device is considered a digital crime scene, which is included in the physical crime scene where it is located. The investigation includes the preservation of the system, the search for digital evidence, and the reconstruct...
New Model for Cyber Crime Investigation Procedure
In this paper, we presented a new model for cyber crime investigation procedure which is as follows: readiness phase, consulting with profiler, cyber crime classification and investigation priority decision, damaged cyber crime scene investigation, analysis by crime profiler, suspects tracking, injurer cyber crime scene investigation, suspect summon, cyber crime logical reconstruction, writing ...