Modeling the network forensics behaviors

Network forensics is an emerging approach to network security. However, the field is not very clear to new researchers. In this paper, we discuss network forensics behaviors systematically from both the technical view and the legal view. The goal of the discussion is to outline the formalization and standardization of network forensics behaviors. To our knowledge, this is the first comprehensive discussion of the network forensics model and its fundamental fields, such as taxonomy, conceptual model, legal principles, key techniques, canonical processes, and its accessory facilities and systems (network forensics system architecture and deployment). These discussions will give guidance for the standardization of network forensics processes and the implementation of a prototype system.
