Network forensic frameworks: Survey and research challenges

Digital Investigation

Volumn 7, Issue 1-2, 2010, Pages 14-27

  Pilli, Emmanuel S ^a   Joshi, R C ^a   Niyogi, Rajdeep ^a  

^a INDIAN INSTITUTE OF TECHNOLOGY ROORKEE   (India)

Author keywords

Attribution; Data fusion; Distributed systems; Honeypots; Incident response; Network forensics; NFATs; Soft computing; Traceback

Indexed keywords

DATA FUSION; DISTRIBUTED COMPUTER SYSTEMS; FORENSIC SCIENCE; NETWORK SECURITY; SOFT COMPUTING; SURVEYS;

ATTRIBUTION; DISTRIBUTED SYSTEMS; HONEYPOTS; INCIDENT RESPONSE; NFATS; TRACEBACK;

DIGITAL FORENSICS;

EID: 78449249325     PISSN: 17422876     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.diin.2010.02.003     Document Type: Article

References (87)

1. Almulhem A. Network forensics: notions and challenges. In: Proceedings of the ninth IEEE international symposium on signal processing and information technology (ISSPIT 2009), UAE; Dec. 2009.
2. A. Almulhem, and I. Traore Experience with engineering a network forensics system Proceedings of the international conference on information networking (ICOIN 2005), Korea, LNCS 3391 2005 Springer-Verlag Berlin, Heidelberg 62 71
3. Anaya EA, Nakano-Miyatake M, Meana HMP. Network forensics with neurofuzzy techniques. In: Proceedings of the 52nd IEEE international Midwest symposium on circuits and systems (MWSCAS 2009); 2-5 Aug. 2009, p. 848-52.
4. Argus, http://www.qosient.com/argus.
5. Baryamureeba V, Tushabe F. The enhanced digital investigation process model. In: Proceedings of the fourth digital forensic research workshop (DFRWS); 2004.
6. N.L. Beebe, and J.G. Clark A hierarchical, objectives-based framework for the digital investigations process Digital Investigation (The International Journal of Digital Forensics & Incident Response) 2 2 Jun 2005 147 167
7. H. Berghel The discipline of Internet forensics Communications of the ACM 46 8 2003 15 20
8. Bro, http://www.bro-ids.org.
9. Broucek V, Turner P. Forensic computing: developing a conceptual approach for an emerging academic discipline. In: Fifth Australian Security Research Symposium; July 2001.
10. Carrier, and E.H. Spafford Getting physical with the digital investigation process International Journal of Digital Evidence 2 2 2003 1 20
11. E. Casey Network traffic as a source of evidence: tool strengths, weaknesses, and future needs Digital Investigation (The International Journal of Digital Forensics & Incident Response) 1 1 Feb. 2004 28 43
12. E. Casey, and G. Palmer The investigative process E. Casey, Digital evidence and computer crime 2004 Elsevier Academic Press
13. S.O. Ciardhuain An extended model of cybercrime investigations International Journal of Digital Evidence 3 1 2004
14. G.E. Clarke Network+ certification study guide 3rd ed. 2006 Osborne McGraw-Hill p. 339-89
15. M.I. Cohen PyFlag - an advanced network forensic platform Digital Investigation (The International Journal of Digital Forensics & Incident Response) 5 1 Sept. 2008 112 120
16. V. Corey, C. Peterman, S. Shearin, M.S. Greenberg, and J.V. Bokkelen Network forensics analysis IEEE Internet Computing 6 6 2002 60 66
17. DDOS attackers continue hitting Twitter, Facebook, Google, http://www.computerworld.com/s/article/9136402/.
18. Denial-of-service got Twitter. Is your network next?, http://news.cnet.com/8301-13846-3-10305241-62.html.
19. Flow-tools, http://www.splintered.net/sw/flow-tools.
20. Garfinkel S. Network forensics: tapping the Internet, http://www.oreillynet.com/pub/a/network/2002/04/26/nettap.html.
21. Y. Guan Network forensics Computer and information Security handbook 2009 Morgan Kaufmann Publishers 339 347
22. Infinistream, http://www.netscout.com/Products/infinistream.asp.
23. Iris, http://www.eeye.com/Iris.
24. ISO/IEC 27001. Information technology (security techniques, information security management, requirements), http://www.iso.org/iso/catalogue-detail.htm? csnumber=42103 ; 2005.
25. Khurana H, Basney J, Bakht M, Freemon M, Welch V, Butler R. Palantir: a framework for collaborative incident response and investigation. In: Proceedings of the eighth symposium on identity and trust on the Internet, Maryland; April 2009, p. 38-51.
26. J. Kim, M. Kim, and B.N. Noh A fuzzy expert system for network forensics Proceedings of the international conference on computational science applications (ICCSA 2004), LNCS 3043 2004 Springer 175 182
27. N. Liao, S. Tian, and T. Wang Network forensics based on fuzzy logic and expert system Computer Communications 32 17 Nov. 2009 1881 1892
28. Z. Liu, and D. Feng Incremental fuzzy decision tree-based network forensic system Proceedings of the international conference on computational intelligence and security (CIS 2005), LNAI 3802 2005 Springer 995 1002
29. K. Mandia, and C. Procise Incident response and computer forensics 2003 Osborne McGraw-Hill New York
30. Merkle LD. Automated network forensics. In: Proceedings of the conference on genetic and evolutionary computation (GECCO 2008); 2008, p. 1929-32
31. Mitropoulos S, Patsos D, Douligeris C. Network forensics: towards a classification of traceback mechanisms. In: Proceedings of the first international conference on security and privacy for emerging areas in communications networks (SecureComm 2005); Sept. 2005, p. 9-16.
32. S. Mukkamala, and A.H. Sung Identifying significant features for network forensic analysis using artificial intelligent techniques International Journal of Digital Evidence 1 4 2003
33. Nagesh A. Distributed network forensics using JADE mobile agent framework. Master's thesis. Department of Computing Studies, Arizona State University; 2007, http://www.technology.asu.edu/files/documents/tradeshow/Dec06/ asha-nagesh-report.pdf
34. Nessus, http://www.nessus.org.
35. NetDetector, http://www.niksun.com.
36. NetFlow, http://www.cisco.com/web/go/netflow.
37. Network forensics and digital time travel, http://www.technewsworld.com/ story/68651.html.
38. netForensics security compliance management, http://www.netforensics.com/ compliance.
39. NetIntercept, http://www.sandstorm.net.
40. NetWitness, http://www.netwitness.com.
41. NetworkMiner, http://networkminer.sourceforge.net.
42. NfDump, http://nfdump.sourceforge.net/.
43. Ngrep, http://ngrep.sourceforge.net.
44. B.J. Nikkel Generalizing sources of live network evidence Digital Investigation (The International Journal of Digital Forensics & Incident Response) 2 3 Sept. 2005 193 200
45. B.J. Nikkel A portable network forensic evidence collector Digital Investigation (The International Journal of Digital Forensics & Incident Response) 3 3 Sept. 2006 127 135
46. B.J. Nikkel An introduction to investigating IPv6 networks Digital Investigation (The International Journal of Digital Forensics & Incident Response) 4 2 June, 2007 59 67
47. Nmap, http://www.nmap.org.
48. Ntop, http://www.ntop.org.
49. OmniPeek, http://www.wildpackets.com.
50. P0f, http://www.lcamtuf.coredump.cx/p0f.shtml.
51. PADS, http://passive.sourceforge.net.
52. Palmer G. A road map for digital forensic research. In: First digital forensic research workshop (DFRWS 2001); 2001, p. 27-30.
53. S. Perry Network forensics and the inside job Network Security 2006 2006 11 13
54. PyFlag, http://www.pyflag.net
55. Ranum M. Network flight recorder, http://www.ranum.com/.
56. M. Reith, C. Carr, and G. Gunsch An examination of digital forensic models International Journal of Digital Evidence 1 2002 1 12
57. S. Rekhis, J. Krichene, and N. Boudriga DigForNet: digital forensic in networking Proceedings of the IFIP TC-11 23rd international information security conference, IFIP vol. 278 Sept. 2008 Springer 637-651
58. Ren W, Jin H. Modeling the network forensics behaviors. In: Proceedings of the first international conference on security and privacy for emerging areas in communication networks (SecureComm 2005); Sept. 2005a, p. 1-8.
59. Ren W, Jin H. Distributed agent-based real time network intrusion forensics system architecture design. In: Proceedings of the IEEE 19th international conference on advanced information networking applications (AINA 2005), p. 177-82.
60. Ren W. On the reference model of distributed cooperative network forensics system. In: Proceedings of the sixth international conference on information integration and web-based application & services (iiWAS2004), Jakarta, Indonesia; 2004a, p. 771-5.
61. Ren W. On a network forensics model for information security. In: Proceedings of the third international conference on information systems technology and its applications (ISTA 2004), June 15-17, 2004, Utah, USA, p. 229-34.
62. Sebek, http://projects.honeynet.org/sebek/.
63. K. Shanmugasundaram, N. Memon, A. Savant, and H. Bronnimann ForNet: a distributed forensics network Proceedings of the second international workshop on mathematical methods models and architectures for computer networks security (MMM-ACNS 2003), LNCS 2776 2003 Springer 1 16
64. SilentRunner, http://www.accessdata.com/silentrunner.html.
65. SiLK, http://tools.netsa.cert.org/silk/.
66. Sira R. Network forensics analysis tools: an overview of an emerging technology, GSEC, version 1.4; Jan. 2003.
67. Snort, http://www.snort.org.
68. Solera DS 5150, DeepSee, http://www.soleranetworks.com.
69. Tang Y, Daniels TE. A simple framework for distributed forensics. In: Proceedings of the 25th IEEE international conference on distributed computing systems (ICDCS 2005); June 2005, p.163-9.
70. TCPDstat, http://staff.washington.edu/dittrich/talks/core02/tools.
71. TCPDump, http://www.tcpdump.org.
72. TCPFlow, http://www.circlemud.org/jelson/software/tcpflow.
73. TCPReplay, http://tcpreplay.synfin.net/trac/.
74. TCPStat, http://www.frenchfries.net/paul/tcpstat.
75. TCPTrace, http://www.tcptrace.org.
76. TCPXtract, http://tcpxtract.sourceforge.net.
77. O. Thonnard, and M. Dacier A framework for attack patterns' discovery in honeynet data Digital Investigation (The International Journal of Digital Forensics & Incident Response) 5 1 Sept. 2008 128 139
78. Tweets fall silent as Twitter goes down for hours, http://articles. latimes.com/2009/aug/07/business/fi-twitter7.
79. Vandenberghe G. Network traffic exploration application: a tool to assess, visualize, and analyze network security events. In: Proceedings of the fifth international workshop on visualization for computer security; 2008
80. W. Wang, and T.E. Daniels A graph based approach towards network forensics analysis ACM Transactions on Information and System Security (TISSEC) 12 1 Oct. 2008
81. D. Wang, T. Li, S. Liu, J. Zhang, and C. Liu Dynamical network forensics based on immune agent Proceedings of the international conference on natural computation (ICNC 2007) vol. 3 Aug. 2007 651-656
82. Why is Twitter so vulnerable to DDoS attack?, http://www.crn.com/ security/219300104.
83. Wireshark, http://www.wireshark.org.
84. Xplico, http://www.xplico.org.
85. Yasinsac A, Manzano Y. Policies to enhance computer and network forensics. In: Proceedings of the IEEE workshop on information assurance and security, New York; 2001, p. 289-95.
86. Yasinsac A, Manzano Y. Honeytraps, a network forensic tool. In: Proceedings of the sixth multi-conference on systemics, cybernetics and informatics, Florida, USA; 2002.
87. Zhang Y, Ren Y, Wang J, Fang L. Network forensic computing based on ANN-PCA. In: Proceedings of the international conference on computational intelligence and security workshops (CISW 2007); 2007, p. 942-5.