Title :
Application Layer Information Forensics Based on Packet Analysis
Author :
Guo, Ruining ; Cao, Tianjie ; Luo, Xuan
Author_Institution :
Sch. of Comput. Sci. & Technol., China Univ. of Min. & Technol., Xuzhou, China
Abstract :
The work presented in this paper focuses on acquiring the original illegal information hidden in network data traffic, to provide reliable digital evidence for network crime cases. Directed at data transmission based on Web services, the paper designs a total-part type forensics model and implements a passive network forensics system under the Windows system. The technologies and methods applied include packet capture, packet filtration, protocol analysis, application data regeneration and so on. The system captures, disassembles, identifies and recombines the network information flow, restores the data into a standard format and finally makes the plaintext information of the application layer reappear. The results of appraisal and application indicate that the system can gain original transparent digital evidence and satisfy network forensics requirements, which provides strong support for solving network crime cases.
Keywords :
Web services; computer forensics; data communication; Web service; Windows system; application data regeneration; application layer information forensics; data transmission; illegal information; network crime; network data traffic; packet analysis; packet capture; packet filtration; passive network forensics system; protocol analysis; reliable digital evidence; Data mining; Data models; Forensics; IP networks; Information filters; Protocols; application layer; data packet; information regeneration; network forensics
Conference_Title :
Information Science and Management Engineering (ISME), 2010 International Conference of
Conference_Location :
Xi'an
Print_ISBN :
978-1-4244-7669-5
Electronic_ISBN :
978-1-4244-7670-1
DOI :
10.1109/ISME.2010.20