A Generic Framework for Network Forensics

International Journal of Computer Applications
© 2010 by IJCA Journal.
Number 11 - Article 1
Year of Publication: 2010
Authors:
Emmanuel S. Pilli
R.C. Joshi
Rajdeep Niyogi
DOI: 10.5120/251-408

Emmanuel S. Pilli, R. C. Joshi and Rajdeep Niyogi. Article: A Generic Framework for Network Forensics. International Journal of Computer Applications 1(11):1–6, February 2010. Published by Foundation of Computer Science.

@article{key:article,
	author = {Emmanuel S. Pilli and R.C. Joshi and Rajdeep Niyogi},
	title = {Article: A Generic Framework for Network Forensics},
	journal = {International Journal of Computer Applications},
	year = {2010},
	volume = {1},
	number = {11},
	pages = {1--6},
	month = {February},
	note = {Published By Foundation of Computer Science}
}

Abstract

The Internet is the most powerful medium to date, facilitating varied services to numerous users. It has also become the environment for cyber warfare, where attacks of many kinds (financial, ideological, revenge) are launched. The e-commerce transactions carried out online are of major interest to cybercriminals. The Internet needs to be protected from these attacks, and an appropriate response has to be generated to handle them and reduce their impact. Network forensics is the science that deals with the capture, recording, and analysis of network traffic for investigative purposes and incident response. There are many tools which assist in capturing data transferred over networks so that an attack, or the malicious intent behind an intrusion, may be investigated. This paper presents a generic framework for network forensic analysis by specifically identifying the steps connected only to network forensics from the already proposed models for digital investigation. Each of the phases in the framework is elucidated. The proposed model is compared with the existing models for digital investigation. Research challenges in the various phases of the model are approached with specific reference to network forensics.
