Forensic Profiling System
Abstract
Incidents related to hacking and network intrusion are on the increase. Most organizations safeguard themselves against cyber attacks by employing security methods such as encryption technologies, network monitoring tools, firewalls, and intrusion detection and response mechanisms. Even though prevention mechanisms are in place, the vulnerabilities associated with any computer network or security tool can be exploited by hackers to generate attacks. A major drawback in apprehending cyber criminals is the lack of efficient attribution mechanisms. This paper proposes a forensic profiling system which accommodates real-time evidence collection as a network feature to address the difficulties involved in collecting evidence against cyber attackers. The forensic profiling system is based on a client-server architecture and comprises a centralized forensic server, with each network component configured as a forensic client. The forensic clients are programmed to look for discrepancies or malicious activities and subsequently log the detected suspicious activity to the forensic server. The forensic server collects evidence related to the suspicious activities and matches it to the forensic profile database, which contains descriptors for investigated attacks. The forensic server later queries the clients in order to receive more information about the alerts it has received. The agents installed in each of the forensic clients continuously monitor the activities of an individual client. If a suspicious activity is detected, the client sends an alert to the forensic server along with the log entries that substantiate such activity. During the latent state of the network, the forensic profile of an attack contains the alerts associated with it. When an alert is received by the forensic server, the latent profiles that contain a match for the received alert become active.
Depending upon the received alert, and referring to the profile database, the forensic server probes the clients. An active profile would contain all the alerts associated with the attack along with the corresponding log entries. The log entries stored in the forensic server provide the forensic evidence and speed up the investigation process.
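A minimal sketch of the alert-to-profile flow the abstract describes, added here as an illustration and not the paper's implementation. The class names, profile names, alert types, host names, and log lines are all constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Profile:
    name: str
    alerts: frozenset            # alert types associated with the attack (latent content)
    active: bool = False         # latent until a matching alert arrives
    evidence: dict = field(default_factory=dict)   # alert type -> log entries

class ForensicClient:
    def __init__(self, name, logs):
        self.name, self.logs = name, logs          # logs: alert type -> log lines
    def probe(self, alert_type):                   # answers a query from the server
        return self.logs.get(alert_type, [])

class ForensicServer:
    def __init__(self, profiles, clients):
        self.profiles, self.clients = profiles, clients

    def receive_alert(self, client_name, alert_type, log_entries):
        activated = []
        for p in self.profiles:
            if alert_type not in p.alerts:
                continue                           # no match: profile stays latent
            p.active = True
            p.evidence.setdefault(alert_type, []).extend(
                f"{client_name}: {e}" for e in log_entries)
            # Probe every client for the profile's remaining alerts.
            for other in p.alerts - set(p.evidence):
                for c in self.clients:
                    hits = [f"{c.name}: {h}" for h in c.probe(other)]
                    if hits:
                        p.evidence.setdefault(other, []).extend(hits)
            activated.append(p.name)
        return activated

def demo():
    # Constructed profile database and client logs (illustrative values only).
    profiles = [
        Profile("ssh-brute-force", frozenset({"auth_failures", "new_admin_account"})),
        Profile("web-defacement", frozenset({"webroot_modified"})),
    ]
    clients = [
        ForensicClient("gw-1", {"auth_failures": ["40 failed logins from 192.0.2.7"]}),
        ForensicClient("srv-2", {"new_admin_account": ["account 'svc2' added to admins"]}),
    ]
    server = ForensicServer(profiles, clients)
    activated = server.receive_alert("gw-1", "auth_failures",
                                     clients[0].logs["auth_failures"])
    return server, activated
```

In this sketch a single alert from one client activates the matching profile, and the server's probes pull the corroborating log entries from a second client into the same evidence record.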