Forensic Investigation in Communication Networks Using Incomplete Digital Evidences
Authors
Abstract
Security incidents targeting information systems have become more complex and sophisticated, and intruders might evade responsibility due to the lack of evidence to convict them. In this paper, we develop a system for Digital Forensic in Networking, called DigForNet, which is useful to analyze security incidents and explain the steps taken by the attackers. DigForNet combines intrusion response team knowledge with formal tools to identify the attack scenarios that have occurred and show how the system behaves for every step in the scenario. The construction of attack scenarios is automated, and the hypothetical concept is introduced within DigForNet to alleviate missing data related to evidence or investigator knowledge. The DigForNet system supports the investigation of attack scenarios that integrate anti-investigation attacks. To exemplify the proposal, a case study is proposed.
Similar resources
The Modelling of a Digital Forensic Readiness Approach for Wireless Local Area Networks
Over the past decade, wireless mobile communication technology based on the IEEE 802.11 Wireless Local Area Networks (WLANs) has been adopted worldwide on a massive scale. However, as the number of wireless users has soared, so has the possibility of cybercrime. WLAN digital forensics is seen as not only a response to cybercrime in wireless networks, but also a means to stem the increase of cyb...
Theoretical Aspects of Digital Investigation of Security Incidents
Slim Rekhis. Theoretical Aspects of Digital Investigation of Security Incidents. PhD thesis, Engineering School of Communications (Sup’Com), Networks and Security Research Lab (CN&S), February 2007. (Under the direction of Pr. Noureddine Boudriga). While research in computer security has started giving importance to digital investigation of security incidents, the focus is still on the developm...
A Survey of Digital Evidences Forensic and Cybercrime Investigation Procedure
Due to the development of networks, cybercrime has many crime types, including network attack, mail fraud, intimidation, copyright infringement, and so on. For network attacks, many approaches have been proposed and used to detect and defend against them. However, after the network attack is confirmed or other crime exists, it is still necessary for the investigators to execute the investigation procedure, collect ...
SSL based Webmail Forensic Engine
In this era of information technology, email applications are the foremost and most extensively used electronic communication technology. Emails are profusely used to exchange data and information using several frontend applications from various service providers. Currently most email clients and service providers have moved to secured data communications using SSL or TLS security...
A Novel Approach for Monitoring SQL Anti-Forensic Attacks Using Pattern Matching for Digital Forensic Investigation
Over the past few years, attacks on software systems have been increasing at an astonishing rate, resulting in high revenue losses. Hence, cyber/digital forensics plays an important role by providing methods to acquire, assess, interpret, and use digital evidence to fetch conclusive details of cyber crime behavior. A recent trend in cyber crimes is the use of anti-forensic attacks to thwart the process...
Journal title:
- IJCNS
Volume 2, Issue
Pages -
Publication date 2009