1 / 7

Network Forensics

Network Forensics. What is it?. Remote data acquisition (disk capture) Remote collection of live systems (memory) Traffic acquisition (cables and devices) Multiple examiners viewing single source. Technical. Current tools don’t cut it Validation – integrity of data

gibby
Télécharger la présentation

Network Forensics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Network Forensics

  2. What is it? • Remote data acquisition (disk capture) • Remote collection of live systems (memory) • Traffic acquisition (cables and devices) • Multiple examiners viewing single source

  3. Technical • Current tools don’t cut it • Validation – integrity of data • Multiple machine functions (network devices) • Traffic Capture (non TCP/UDP) • Data loss due to high traffic volumes • Content ID and analysis (VoIP, IM) • Traffic pattern recognition • Data reduction • Attribution (IP forgery, onion routing) • False Positives • Dynamic systems • Speed and minimal system impact is a priority

  4. Legal • Privacy Issues • Commingling of data • Jurisdiction • Interstate Warrants

  5. Policy • Banners and policy statements • Logging requirements • Third party tools to meet our needs? • Pressure device vendors? • Bill of rights • Balance need for attribution with individual rights

  6. Short Term Goals • Define network forensics • Tools • Capture • Analysis (data normalization, visualization and mining) • Attribution • Process • Best practices • Guidelines for various devices/situations

  7. Long Term Goals • Persuade Industry Provide Monitoring Ability • OS development to enable capture of volatile data • OS development to minimize commingling

More Related