Network traffic as a source of evidence: tool strengths, weaknesses, and future needs
Détails
Télécharger: 1-s2.0-S1742287603000033-main.pdf (1311.00 [Ko])
Etat: Public
Version: Final published version
Etat: Public
Version: Final published version
ID Serval
serval:BIB_953F01B0CF3B
Type
Article: article d'un périodique ou d'un magazine.
Collection
Publications
Institution
Titre
Network traffic as a source of evidence: tool strengths, weaknesses, and future needs
Périodique
Digital Investigation
ISSN
1742-2876
Statut éditorial
Publié
Date de publication
2004
Volume
1
Numéro
1
Pages
28-43
Langue
anglais
Résumé
Digital investigators require specialized knowledge and tools to process network traffic as a source of evidence. Existing open source tools can be used for basic tasks in simple cases but lack the functionality of commercial tools that are specifically designed to process network traffic as evidence. These commercial tools reduce the amount of time and specialized technical knowledge required to examine large quantities of network traffic but even these tools are lacking from a forensic standpoint. This paper discusses the strengths and shortcomings of existing tools in the context of the overall digital investigation process—specifically the collection, documentation, preservation, examination and analysis stages. In addition to highlighting the capabilities of different tools, this paper familiarizes digital investigators with different aspects of network traffic as a source of evidence. Based on this discussion, a set of requirements is proposed for tools used to process network traffic as evidence in the hope that existing developers will enhance the capabilities of their tools to address the weaknesses.
Mots-clé
Network traffic, Network investigations, Digital evidence, Forensic examination, Computer crime
Site de l'éditeur
Création de la notice
16/01/2019 21:48
Dernière modification de la notice
20/08/2019 14:57