Network Forensics
What is it?
► Remote data acquisition (disk capture)
► Remote collection of live systems (memory)
► Traffic acquisition (cables and devices)
► Multiple examiners viewing single source
Technical
► Current tools don’t cut it
 Validation – integrity of data
 Multiple machine functions (network devices)
 Traffic capture (non TCP/UDP)
 Data loss due to high traffic volumes
 Content ID and analysis (VoIP, IM)
 Traffic pattern recognition
 Data reduction
 Attribution (IP forgery, onion routing)
 False positives
 Dynamic systems
 Speed and minimal system impact is a priority
Legal
► Privacy issues
 Commingling of data
► Jurisdiction
 Interstate Warrants
Policy
► Banners and policy statements
► Logging requirements
 Third party tools to meet our needs?
 Pressure device vendors?
► Bill of rights
 Balance need for attribution with individual rights
Short Term Goals
► Define network forensics
► Tools
 Capture
 Analysis (data normalization, visualization and mining)
 Attribution
► Process
 Best practices
 Guidelines for various devices/situations
Long Term Goals
► Persuade industry to provide monitoring ability
► OS development to enable capture of volatile data
► OS development to minimize commingling