Title :
Network forensics in a clean-slate Internet architecture
Author :
Strauss, Tobias ; Olivier, Martin S.
Author_Institution :
Dept. of Comput. Sci., Univ. of Pretoria, Pretoria, South Africa
Abstract :
This paper reflects on the network forensic implication of a specific clean-slate future internetwork architecture. The paper first provides an overview of the architecture and how it compares to the well-established TCP/IP model. The architecture´s network forensic features are then considered. The architecture´s approach to naming and addressing fundamentally differs from the approach used in the current Internet. Great care is taken to distinguish between names and addresses. Names are used to identify entities and generally have a large scope. Addresses, however, are used to locate entities within a limited scope and are consequently not necessarily globally significant. These properties in particular create additional challenges when capturing and analysing network traffic as evidence. The paper shows that the architecture is well-suited for a distributed systems approach to forensics and that the network architecture increases the potential sources of reliable evidence.
Keywords :
IP networks; Internet; computer forensics; transport protocols; TCP/IP model; architecture network forensic; clean slate Internet architecture; distributed systems approach; network forensic implication; network traffic analysis; Computer architecture; Forensics; Internet; Protocols; Relays; Resource management; Routing; Future Internet; RINA; digital forensics;
Conference_Titel :
Information Security South Africa (ISSA), 2011
Conference_Location :
Johannesburg
Print_ISBN :
978-1-4577-1481-8
DOI :
10.1109/ISSA.2011.6027506
