论文信息 - Network Forensics in GSE Overlay Networks

Network Forensics in GSE Overlay Networks

The importance of captured network traffic as a data-source for law enforcement crime investigation has increased because many devices are Internet-enabled and the data communication might yield crucial evidence for an investigation. There are many points in the Internet Service Provider's infrastructure where the network traffic might be captured. One of them is a satellite connection, DVB-S2, which use Generic Stream Encapsulation (GSE) protocol that carries IP traffic. Current tools for network traffic forensic analysis do not support GSE. In this paper, we describe principles of GSE, methods for GSE traffic analysis and the extension for an existing network forensic tool that performs GSE traffic processing and extraction of encapsulated communication.

Jan Pluskal | Ondrej Rysavý | Martin Vondrácek

[1] Generic Stream Encapsulation ( GSE ) implementation guidelines , .

[2] Simson L. Garfinkel,et al. Digital forensics research: The next 10 years , 2010, Digit. Investig..

[3] Nicole Beebe,et al. Digital Forensic Research: The Good, the Bad and the Unaddressed , 2009, IFIP Int. Conf. Digital Forensics.

[4] Rajdeep Niyogi,et al. Network forensic frameworks: Survey and research challenges , 2010, Digit. Investig..

[5] Michael Cohen,et al. PyFlag - An advanced network forensic framework , 2008, Digit. Investig..

[6] David K. Chiabi. European Telecommunications Standards Institute , 2015 .

[7] Eoghan Casey,et al. Network traffic as a source of evidence: tool strengths, weaknesses, and future needs , 2004, Digit. Investig..

[8] Jan Pluskal,et al. Advanced Techniques for Reconstruction of Incomplete Network Data , 2015, ICDF2C.

[9] Ibrahim M. Baggili,et al. A cyber forensics needs analysis survey: Revisiting the domain's needs a decade later , 2016, Comput. Secur..