Active traffic capture for network forensics

Cited by: 0
Authors
Slaviero, Marco [1]
Granova, Anna [1]
Olivier, Martin [1]
Affiliation
[1] Univ Pretoria, ZA-0002 Pretoria, South Africa
Source
Keywords
network forensics; active traffic capture; TCP retransmission;
DOI
Not available
Chinese Library Classification
TP31 [Computer software];
Discipline classification codes
081202 ; 0835 ;
Abstract
Network traffic capture is an integral part of network forensics, but current traffic capture techniques are typically passive in nature. Under heavy loads, it is possible for a sniffer to miss packets, which affects the quality of forensic evidence. This paper explores means for active capture of network traffic. In particular, it examines how traffic capture can influence the stream under surveillance so that no data is lost. A tool that forces TCP retransmissions is presented. The paper also provides a legal analysis, based on United States and South African laws, which shows that few legal obstacles are faced by traffic capture techniques that force attackers to retransmit data.
Pages: 215 / +
Page count: 4