
Automating MAC Spoofer Evidence Gathering and Encoding for Investigations

  • Conference paper
  • Published in: Foundations and Practice of Security (FPS 2014)
  • Book series: Lecture Notes in Computer Science (LNCS), volume 8930

Abstract

Following up on our previous work, we elaborate on the design and implementation of live and dead digital evidence gathering, and of its encoding into Forensic Lucid, by the corresponding components of the MAC Spoofer Analyzer (MSA) in an actual operational environment. We monitor over 1,000 analyst-managed computers on the Faculty's network to assist network system administrators in daily network security monitoring. The common Forensic Lucid evidence encoding format provides a consistent representation of the evidence and allows reasoning functions over that evidence to be specified in a context-oriented manner.



Author information

Corresponding author: Serguei A. Mokhov.


Copyright information

© 2015 Springer International Publishing Switzerland


Cite this paper

Mokhov, S.A., Assels, M.J., Paquet, J., Debbabi, M. (2015). Automating MAC Spoofer Evidence Gathering and Encoding for Investigations. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P. (eds) Foundations and Practice of Security. FPS 2014. Lecture Notes in Computer Science, vol 8930. Springer, Cham. https://doi.org/10.1007/978-3-319-17040-4_11


  • DOI: https://doi.org/10.1007/978-3-319-17040-4_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-17039-8

  • Online ISBN: 978-3-319-17040-4
