Title :
Network forensics analysis
Author :
Corey, Vicka ; Peterman, Charles ; Shearin, Sybil ; Greenberg, Michael S. ; Van Bokkelen, James
Abstract :
Many tools let you view traffic in real time, but real-time monitoring at any level requires significant human and hardware resources, and doesn't scale to networks larger than a single workgroup. It is generally more practical to archive all traffic and analyze subsets as necessary. This process is known as reconstructive traffic analysis, or network forensics. In practice, it is often limited to data collection and packet-level inspection; however, a network forensics analysis tool can provide a richer view of the data collected, allowing you to inspect the traffic from further up the protocol stack. The IT industry's ever-growing concern with security is the primary motivation for network forensics. A network that has been prepared for forensic analysis is easy to monitor, and security vulnerabilities and configuration problems can be conveniently identified. It also allows the best possible analysis of security violations. Most importantly, analyzing a complete record of your network traffic with the appropriate reconstructive tools provides context for other breach-related events.
Keywords :
computer networks; security of data; telecommunication security; breach-related events; configuration problems; data collection; network forensics analysis tool; packet-level inspection; protocol stack; reconstructive traffic analysis; security; security violations; security vulnerabilities; Data security; Electronic mail; Forensics; Information security; Intrusion detection; Law; Monitoring; Physical layer; Protocols; Telecommunication traffic
Journal_Title :
Internet Computing, IEEE
DOI :
10.1109/MIC.2002.1067738