Experience with Engineering a Network Forensics System

Almulhem, Ahmad; Traore, Issa

doi:10.1007/978-3-540-30582-8_7

Experience with Engineering a Network Forensics System

Ahmad Almulhem¹⁷ &
Issa Traore¹⁷

Conference paper

1020 Accesses
8 Citations

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 3391))

Abstract

Network Forensics is an important extension to the model of network security where emphasis is traditionally put on prevention and to a lesser extent on detection. It focuses on the capture, recording, and analysis of network packets and events for investigative purposes. It is a young field for which very limited resources are available. In this paper, we briefly survey the state of the art in network forensics and report our experience with building and testing a network forensics system.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 129.00; Price excludes VAT (USA)

Softcover Book: USD 169.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Richardson, R.: 2003 csi/fbi computer crime and security survey (2003)
Google Scholar
Ranum, M.: Network forensics: Network traffic monitoring. NFR Inc. (1997)
Google Scholar
Ranum, M., et al.: Implementing a generalized tool for network monitoring. In: Proceedings of the Eleventh Systems Administration Conference (LISA 1997) (1997)
Google Scholar
searchSecurity.com: Definitions, http://www.searchsecurity.techtarget.com
Sommer, P.: Intrusion detection systems as evidence. Computer Net. 31 (1999)
Google Scholar
Brezinski, D., Killalea, T.: Guidelines for evidence collection and archiving. BCP 55, RFC 3227 (2002)
Google Scholar
Fennelly, C.: Analysis: The forensics of internet security. SunWorld (2000)
Google Scholar
Berghel, H.: The discipline of internet forensics. Comm. of the ACM (2003)
Google Scholar
King, N., Weiss, E.: Analyze this! Information Security Magazine (2002)
Google Scholar
Balas, E.: Know Your Enemy: Sebek. Honeynet Project (2003)
Google Scholar
Spitzner, L.: Honeynetproject, http://www.honeynet.org
Roesch, M., Green, C.: Snort Users Manual (2003)
Google Scholar
MySQL, http://www.mysql.com
Danyliw, R.: Analysis console for intrusion databases, acidlab.sourceforge.net
tcpdump/libpcap, http://www.tcpdump.org

Download references

Author information

Authors and Affiliations

ISOT Research Lab, University of Victoria, Canada
Ahmad Almulhem & Issa Traore

Authors

Ahmad Almulhem
View author publications
You can also search for this author in PubMed Google Scholar
Issa Traore
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Computer Science and Engineering, Pohang University of Science and Technology (POSTECH), San 31 HyoJa-Dong, Nam-Gu, 790-784, Pohang, Korea
Cheeha Kim

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Almulhem, A., Traore, I. (2005). Experience with Engineering a Network Forensics System. In: Kim, C. (eds) Information Networking. Convergence in Broadband and Mobile Networking. ICOIN 2005. Lecture Notes in Computer Science, vol 3391. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30582-8_7

Download citation

DOI: https://doi.org/10.1007/978-3-540-30582-8_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24467-7
Online ISBN: 978-3-540-30582-8
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics