Network traffic as a source of evidence: tool strengths, weaknesses, and future needs

Details

Resource 1: 1-s2.0-S1742287603000033-main.pdf (1311.00 KB)
State: Public
Version: Final published version
Serval ID
serval:BIB_953F01B0CF3B
Type
Article: article from journal or magazine.
Collection
Publications
Title
Network traffic as a source of evidence: tool strengths, weaknesses, and future needs
Journal
Digital Investigation
Author(s)
Casey Eoghan
ISSN
1742-2876
Publication state
Published
Issued date
2004
Volume
1
Number
1
Pages
28-43
Language
English
Abstract
Digital investigators require specialized knowledge and tools to process network traffic as a source of evidence. Existing open source tools can be used for basic tasks in simple cases but lack the functionality of commercial tools that are specifically designed to process network traffic as evidence. These commercial tools reduce the amount of time and specialized technical knowledge required to examine large quantities of network traffic but even these tools are lacking from a forensic standpoint. This paper discusses the strengths and shortcomings of existing tools in the context of the overall digital investigation process—specifically the collection, documentation, preservation, examination and analysis stages. In addition to highlighting the capabilities of different tools, this paper familiarizes digital investigators with different aspects of network traffic as a source of evidence. Based on this discussion, a set of requirements is proposed for tools used to process network traffic as evidence in the hope that existing developers will enhance the capabilities of their tools to address the weaknesses.
Keywords
Network traffic, Network investigations, Digital evidence, Forensic examination, Computer crime
Create date
16/01/2019 22:48
Last modification date
20/08/2019 15:57