Research Article

Obtaining Digital Evidence from Intrusion Detection Systems

by Mboupda Moyo Achille, Atsa Etoundi Roger
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 95 - Number 12
Year of Publication: 2014
Authors: Mboupda Moyo Achille, Atsa Etoundi Roger
10.5120/16649-6623

Mboupda Moyo Achille, Atsa Etoundi Roger. Obtaining Digital Evidence from Intrusion Detection Systems. International Journal of Computer Applications. 95, 12 (June 2014), 34-41. DOI=10.5120/16649-6623

@article{ 10.5120/16649-6623,
author = { Mboupda Moyo Achille, Atsa Etoundi Roger },
title = { Obtaining Digital Evidence from Intrusion Detection Systems },
journal = { International Journal of Computer Applications },
issue_date = { June 2014 },
volume = { 95 },
number = { 12 },
month = { June },
year = { 2014 },
issn = { 0975-8887 },
pages = { 34-41 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume95/number12/16649-6623/ },
doi = { 10.5120/16649-6623 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%A Mboupda Moyo Achille
%A Atsa Etoundi Roger
%T Obtaining Digital Evidence from Intrusion Detection Systems
%J International Journal of Computer Applications
%@ 0975-8887
%V 95
%N 12
%P 34-41
%D 2014
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Intrusion detection techniques emerged to inspect all inbound and outbound network activity and to identify suspicious patterns that indicate an attack which might compromise an information system. The same information can, however, also be collected so as to supply evidence in criminal and civil legal proceedings. Several works have been carried out in the domain of Intrusion Detection and Prevention Systems (IDPS), but none of the resulting models takes into account the possibility of collecting intrusion-related information in such a way that some of it can be turned into evidence for proactive digital forensic purposes. In the literature, some authors have mentioned the possibility of redesigning IDPS as sources of evidence, but a formal model has never been proposed. This paper proposes an intrusion detection architecture for digital forensic purposes, implemented using the SNORT program.

Index Terms

Computer Science
Information Sciences

Keywords

Intrusion detection and prevention system, Digital forensic, Cybercrime investigation