Network Forensics

What is it?
► Remote data acquisition (disk capture)
► Remote collection of live systems (memory)
► Traffic acquisition (cables and devices)
► Multiple examiners viewing a single source
Current tools don't cut it
► Validation: integrity of data
► Multiple machine functions (network devices)
► Traffic capture (non-TCP/UDP)
► Data loss due to high traffic volumes
► Content ID and analysis (VoIP, IM)
► Traffic pattern recognition
► Data reduction
► Attribution (IP forgery, onion routing)
► False positives
► Dynamic systems
  • Speed and minimal system impact are priorities
► Privacy
  • Commingling of data
► Jurisdiction
  • Interstate warrants
► Banners and policy statements
► Logging requirements
  • Third-party tools to meet our needs?
  • Pressure device vendors?
► Bill of rights
  • Balance need for attribution with individual
Short Term Goals
► Define network forensics
► Tools
  • Capture
  • Analysis (data normalization, visualization and
  • Attribution
► Process
  • Best practices
  • Guidelines for various devices/situations
Long Term Goals
► Persuade industry to provide monitoring ability
► OS development to enable capture of volatile data
► OS development to minimize commingling