Research Article

A Generic Framework for Network Forensics

by Emmanuel S. Pilli, R.C. Joshi, Rajdeep Niyogi
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 1 - Number 11
Year of Publication: 2010
Authors: Emmanuel S. Pilli, R.C. Joshi, Rajdeep Niyogi
10.5120/251-408

Emmanuel S. Pilli, R.C. Joshi, Rajdeep Niyogi. A Generic Framework for Network Forensics. International Journal of Computer Applications. 1, 11 (February 2010), 1-6. DOI=10.5120/251-408

@article{10.5120/251-408,
author = {Emmanuel S. Pilli and R.C. Joshi and Rajdeep Niyogi},
title = {A Generic Framework for Network Forensics},
journal = {International Journal of Computer Applications},
issue_date = {February 2010},
volume = {1},
number = {11},
month = {February},
year = {2010},
issn = {0975-8887},
pages = {1-6},
numpages = {6},
url = {https://ijcaonline.org/archives/volume1/number11/251-408/},
doi = {10.5120/251-408},
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%A Emmanuel S. Pilli
%A R.C. Joshi
%A Rajdeep Niyogi
%T A Generic Framework for Network Forensics
%J International Journal of Computer Applications
%@ 0975-8887
%V 1
%N 11
%P 1-6
%D 2010
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The Internet is today the most powerful communication medium, offering varied services to a vast number of users. It has also become the arena for cyber warfare, where attacks with financial, ideological and revenge motives are launched, and the e-commerce transactions carried out online are of particular interest to cybercriminals. The Internet needs to be protected from these attacks, and an appropriate response has to be generated to handle them and reduce their impact. Network forensics is the science of capturing, recording and analysing network traffic for investigative purposes and incident response. Many tools assist in capturing the data transferred over networks so that an attack, or the malicious intent behind an intrusion, can be investigated. This paper presents a generic framework for network forensic analysis by identifying, from the previously proposed models for digital investigation, only those steps that relate to network forensics. Each phase of the framework is elucidated, the proposed model is compared with the existing models for digital investigation, and the research challenges in the various phases of the model are discussed with specific reference to network forensics.
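The abstract's definition of network forensics as capture, recording and analysis of traffic is easier to reason about with a concrete, end-to-end instance of those three activities. The following Python example is added here for that purpose; it is not code from the paper and does not reproduce the authors' framework. It builds a small constructed pcap in memory (an HTTP handshake, a DNS query and a SYN scan, all with invented private addresses), fingerprints the capture with SHA-256 so later analysis can be tied to unaltered evidence, and then aggregates the frames into 5-tuple flows and flags a scanning host. The function and host names, the port list and the threshold `min_ports` are all assumptions chosen for the illustration; only the standard library is used, so no capture tool is required.

```python
import hashlib
import socket
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4      # libpcap magic, microsecond timestamps, native byte order
LINKTYPE_ETHERNET = 1
SYN, PSH, ACK = 0x02, 0x08, 0x10


def _checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, used for the IPv4 header of the constructed frames."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:] + payload


def _tcp(sport: int, dport: int, flags: int, payload: bytes = b"") -> bytes:
    # 20-byte header (data offset 5); transport checksum left zero, the parser below does not verify it
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0) + payload


def _udp(sport: int, dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def _frame(ts: int, src: str, dst: str, proto: int, l4: bytes) -> bytes:
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    pkt = eth + _ipv4(src, dst, proto, l4)
    return struct.pack("<IIII", ts, 0, len(pkt), len(pkt)) + pkt   # pcap record header + frame


def build_sample_pcap() -> bytes:
    """Constructed evidence (capture phase stand-in): benign HTTP handshake, one DNS query, a SYN scan."""
    frames = [
        _frame(1000, "10.0.0.5", "10.0.0.9", 6, _tcp(40000, 80, SYN)),
        _frame(1000, "10.0.0.9", "10.0.0.5", 6, _tcp(80, 40000, SYN | ACK)),
        _frame(1000, "10.0.0.5", "10.0.0.9", 6, _tcp(40000, 80, ACK)),
        _frame(1001, "10.0.0.5", "10.0.0.9", 6, _tcp(40000, 80, ACK | PSH, b"GET / HTTP/1.0\r\n\r\n")),
        _frame(1001, "10.0.0.5", "10.0.0.2", 17, _udp(53000, 53, b"\x00\x01\x01\x00" + b"\x00" * 8)),
    ]
    for port in (22, 23, 80, 443, 3389, 8080):   # hypothetical scanner 10.0.0.66 probing six ports
        frames.append(_frame(1002, "10.0.0.66", "10.0.0.9", 6, _tcp(51000, port, SYN)))
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    return header + b"".join(frames)


def evidence_digest(pcap: bytes) -> str:
    """Recording phase: hash the capture so every later result can be tied to unaltered evidence."""
    return hashlib.sha256(pcap).hexdigest()


def iter_frames(pcap: bytes):
    """Yield (timestamp, original length, frame bytes) from a libpcap file with Ethernet link type."""
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", pcap[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported capture format")
    off = 24
    while off + 16 <= len(pcap):
        ts, _, incl, orig = struct.unpack("<IIII", pcap[off:off + 16])
        off += 16
        yield ts, orig, pcap[off:off + incl]
        off += incl


def flow_table(pcap: bytes) -> dict:
    """Analysis phase: aggregate frames into (src, dst, proto, sport, dport) flows with counts and TCP flag union."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "flags": 0})
    for _, orig_len, frame in iter_frames(pcap):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                   # only IPv4 over Ethernet is decoded here
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        l4 = frame[14 + ihl:]
        sport = dport = flags = 0
        if proto in (6, 17) and len(l4) >= 4:
            sport, dport = struct.unpack("!HH", l4[:4])
        if proto == 6 and len(l4) >= 14:
            flags = l4[13]                              # TCP flag byte
        rec = flows[(src, dst, proto, sport, dport)]
        rec["packets"] += 1
        rec["bytes"] += orig_len
        rec["flags"] |= flags
    return dict(flows)


def syn_scanners(flows: dict, min_ports: int = 5) -> list:
    """Sources whose TCP flows never progressed past SYN towards at least min_ports distinct (dst, port) pairs."""
    probes = defaultdict(set)
    for (src, dst, proto, _, dport), rec in flows.items():
        if proto == 6 and rec["flags"] & (SYN | ACK) == SYN:
            probes[src].add((dst, dport))
    return sorted(src for src, seen in probes.items() if len(seen) >= min_ports)
```

The digest is computed over the raw capture before any decoding, which is the order a practitioner wants: the analysis functions can be re-run by anyone holding a copy that matches the recorded hash. The flow table deliberately keys on the full 5-tuple rather than collapsing both directions, so the half-open SYN probes stand out as flows whose flag union never contains ACK.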

References
  1. Baryamureeba, V. and Tushabe, F. 2004. The enhanced digital investigation process model. In Proceedings of the 4th Digital Forensic Research Workshop (Maryland, USA, 2004).
  2. Beebe, N.L. and Clark, J.G. 2005. A hierarchical, objectives-based framework for the digital investigations process. Digital Investigation, 2 (2), 147-167.
  3. Berghel, H. 2003. The discipline of Internet forensics. Communications of the ACM, 46 (8), 15-20.
  4. Broucek, V. and Turner, P. 2001. Forensic computing: Developing a conceptual approach for an emerging academic discipline. In Proceedings of the 5th Australian Security Research Symposium (Perth, Australia, 2001).
  5. Carrier, B. and Spafford, E.H. 2003. Getting physical with the digital investigation process. International Journal of Digital Evidence, 2 (2).
  6. Casey, E. and Palmer, G. 2004. The investigative process. In Casey, E. (ed.), Digital Evidence and Computer Crime. Elsevier Academic Press, 2004.
  7. Ciardhuáin, S.Ó. 2004. An extended model of cybercrime investigations. International Journal of Digital Evidence, 3 (1).
  8. Cohen, M.I. 2008. PyFlag - an advanced network forensic platform. Digital Investigation, 5 (1), 112-120.
  9. Corey, V., Peterman, C., Shearin, S., Greenberg, M.S. and Bokkelen, J.V. 2002. Network forensics analysis. IEEE Internet Computing, 6 (6), 60-66.
  10. Garfinkel, S. Network Forensics: Tapping the Internet. http://www.oreillynet.com/pub/a/network/2002/04/26/nettap.html
  11. Gates, C., Collins, M., Duggan, M., Kompanek, A. and Thomas, M. 2004. More Netflow tools: For performance and security. In Proceedings of the 18th Conference on Large Installation Systems Administration (Atlanta, USA, 2004), 121-132.
  12. Mandia, K. and Prosise, C. 2003. Incident Response and Computer Forensics. Osborne McGraw-Hill, New York, 2003.
  13. Moore, D., Shannon, C., Voelker, G.M. and Savage, S. 2004. Network telescopes: Technical report. CAIDA (April 2004).
  14. Palmer, G. 2001. A road map for digital forensic research. In Proceedings of the 1st Digital Forensic Research Workshop (New York, 2001), 15-30.
  15. Perry, S. 2006. Network forensics and the inside job. Network Security, 2006, 11-13.
  16. PyFlag. http://www.pyflag.net
  17. Ranum, M. Network Flight Recorder. http://www.ranum.com/
  18. Raynal, F., Berthier, Y., Biondi, P. and Kaminsky, D. 2004. Honeypot forensics, Part I: Analyzing the network. IEEE Security & Privacy, 2 (4) (Jul-Aug 2004), 72-78.
  19. Reith, M., Carr, C. and Gunsch, G. 2002. An examination of digital forensic models. International Journal of Digital Evidence, 1.
  20. Ren, W. and Jin, H. 2005. Modeling the network forensics behaviors. In Proceedings of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks (Athens, Greece, 2005), 1-8.
  21. Shimeall, T., Faber, S., DeShon, M. and Kompanek. 2009. Using SiLK for Network Traffic Analysis: SiLK Analysts' Handbook (January 2009).
  22. SiLK. http://silktools.sourceforge.net/
  23. SiLK. http://tools.netsa.cert.org/silk/
  24. Sira, R. 2003. Network forensics analysis tools: An overview of an emerging technology. SANS GSEC (version 1.4), 2003.
Index Terms

Computer Science
Information Sciences

Keywords

Network Forensics, Traffic Analysis, Traceback, Attribution, Incident Response