Analysis of firewall log-based detection scenarios for evidence in digital forensics

With the recent escalating rise in cybercrime, firewall logs have attained much research focus in assessing their capability to serve as excellent evidence in digital forensics. Even though the main aim of firewalls is to screen or filter part or all network traffic, firewall logs could provide rich traffic information that could be used as evidence to prove or disprove the occurrence of online attack events for legal purposes. Since courts have a definition of what could be presented to it as evidence, this research investigates on the determinants for the acceptability of firewall logs as suitable evidence. Two commonly used determinants are tested using three different firewall-protected network scenarios. These determinants are: 1) admissibility that requires the evidence to satisfy certain legal requirements stipulated by the courts; 2) weight that represents the sufficiency and extent to which the evidence convinces the establishment of cybercrime attack.

[1]  Peter Sommer,et al.  Intrusion detection systems as evidence , 1999, Comput. Networks.

[2]  Eoghan Casey,et al.  Digital Evidence and Computer Crime , 2000 .

[3]  Atif Ahmad,et al.  The forensic chain-of-evidence model: Improving the process of evidence collection in incident handling procedures , 2002 .

[4]  Albert Marcella,et al.  Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes , 2002 .

[5]  R. Jones,et al.  Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet , 2003, Int. J. Law Inf. Technol..

[6]  Erin Kenneally Digital logs - proof matters , 2004, Digit. Investig..

[7]  John R. Vacca,et al.  Computer Forensics: Computer Crime Scene Investigation (Networking Series) (Networking Series) , 2005 .

[8]  John R. Vacca,et al.  Computer Forensics , 2005 .

[9]  John R. Vacca,et al.  Computer Forensics: Computer Crime Scene Investigation (Networking Series) (Networking Series) , 2005 .

[10]  Chris Reed,et al.  Computer Law: The Law and Regulation of Information Technology , 2007 .

[11]  Mark M. Pollitt The Digital Crime Scene , 2008 .

[12]  Hamid Jahankhani,et al.  Global E-Security , 2008 .

[13]  Sitalakshmi Venkatraman,et al.  EFFECTIVE DIGITAL FORENSIC ANALYSIS OF THE NTFS DISK IMAGE , 2009 .

[14]  Uffe Kock Wiil,et al.  Digital Forensics and Crime Investigation: Legal Issues in Prosecution at National Level , 2010, 2010 Fifth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering.

[15]  S. Venkatraman A Framework for ICT Security Policy Management , 2011 .

[16]  Paul A. Watters,et al.  Cybercrime: The Case of Obfuscated Malware , 2011, ICGS3/e-Democracy.

[17]  Eoghan Casey,et al.  Digital Evidence and Computer Crime - Forensic Science, Computers and the Internet, 3rd Edition , 2011 .

[18]  Ameer Al-Nemrat,et al.  Examination of Cyber-criminal Behaviour , 2012 .