Active traffic capture for network forensics

Cited by: 0

Authors
Slaviero, Marco [1 ]
Granova, Anna [1 ]
Olivier, Martin [1 ]
Affiliation
[1] Univ Pretoria, ZA-0002 Pretoria, South Africa
Source
Keywords
network forensics; active traffic capture; TCP retransmission;
DOI
Not available
CLC number
TP31 [Computer software];
Discipline code
081202; 0835;
Abstract
Network traffic capture is an integral part of network forensics, but current traffic capture techniques are typically passive in nature. Under heavy load a sniffer can miss packets, which degrades the quality of the forensic evidence. This paper explores means for active capture of network traffic. In particular, it examines how traffic capture can influence the stream under surveillance so that no data is lost. A tool that forces TCP retransmissions is presented. The paper also provides a legal analysis, based on United States and South African law, which shows that traffic capture techniques that force attackers to retransmit data face few legal obstacles.
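The abstract only says that the tool forces TCP retransmissions. The following Python sketch is an added example, not the authors' tool or any code from the paper, showing one mechanism by which a sniffer can do that: it tracks the next expected sequence number per flow, records the byte range it missed when a later segment arrives, and crafts three spoofed duplicate ACKs (the fast-retransmit trigger of RFC 5681) addressed to the sender, carrying the receiver's address and the first missing byte as the acknowledgement number. The addresses, ports, sequence numbers and segments are constructed sample data, and the raw-socket write that would actually inject the packets is left out so the block runs offline.

```python
"""Active capture sketch: spot a hole in a sniffed TCP stream and build the
duplicate ACKs that would make the sender retransmit the missed bytes.
Illustrative code, not the tool described in the paper."""
import struct
from dataclasses import dataclass

MASK32 = 0xFFFFFFFF


@dataclass
class Segment:
    """The fields of a sniffed TCP segment that gap tracking needs."""
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    payload: bytes


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): ones'-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _ip(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_ack(src, sport, dst, dport, seq, ack, window=65535) -> bytes:
    """Raw IPv4 + TCP ACK-only segment (no options, no payload), checksums filled."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq & MASK32, ack & MASK32,
                      5 << 4, 0x10, window, 0, 0)          # data offset 5, flags = ACK
    pseudo = _ip(src) + _ip(dst) + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000,
                     64, 6, 0, _ip(src), _ip(dst))          # DF set, TTL 64, proto 6 (TCP)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def verify_checksums(pkt: bytes) -> bool:
    """Recomputing the checksum over a correctly filled header yields zero."""
    ihl = (pkt[0] & 0x0F) * 4
    ip, tcp = pkt[:ihl], pkt[ihl:]
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
    return checksum(ip) == 0 and checksum(pseudo + tcp) == 0


class StreamMonitor:
    """Per-flow next-expected-sequence tracking for a sniffer that reacts to
    holes by queueing spoofed duplicate ACKs for injection."""

    def __init__(self):
        self.expected = {}   # (src, sport, dst, dport) -> next expected seq
        self.missing = {}    # flow -> list of (start, end) byte ranges never seen
        self.to_inject = []  # raw packets the sniffer would write to the wire

    def observe(self, s: Segment) -> str:
        flow = (s.src, s.sport, s.dst, s.dport)
        reverse = (s.dst, s.dport, s.src, s.sport)
        end = (s.seq + len(s.payload)) & MASK32
        exp = self.expected.get(flow)
        if exp is None or s.seq == exp:
            self.expected[flow] = end              # in order: just advance
            return "in-order"
        if (s.seq - exp) & MASK32 < 0x80000000:    # ahead of us: bytes [exp, seq) were missed
            self.missing.setdefault(flow, []).append((exp, s.seq))
            self.expected[flow] = end
            # Spoof the receiver: three ACKs for the first missing byte trigger fast
            # retransmit at the sender. The receiver's own sequence number is taken
            # from the reverse direction if we have seen it (assumed 0 otherwise).
            peer_seq = self.expected.get(reverse, 0)
            for _ in range(3):
                self.to_inject.append(build_ack(s.dst, s.dport, s.src, s.sport, peer_seq, exp))
            return "gap"
        holes = self.missing.get(flow, [])         # behind us: a retransmission
        for hole in list(holes):
            if s.seq <= hole[0] and end >= hole[1]:
                holes.remove(hole)                 # the retransmitted copy fills the hole
                return "recovered"
        return "duplicate"


def demo():
    """Constructed sample stream: client 10.0.0.5:40000 -> server 10.0.0.9:80; the
    sniffer drops the 100 bytes at seq 1100, then sees them retransmitted."""
    mon = StreamMonitor()
    segments = [
        Segment("10.0.0.9", 80, "10.0.0.5", 40000, 5000, b""),         # server side, seq known
        Segment("10.0.0.5", 40000, "10.0.0.9", 80, 1000, b"A" * 100),
        Segment("10.0.0.5", 40000, "10.0.0.9", 80, 1200, b"C" * 100),  # 1100..1199 missed
        Segment("10.0.0.5", 40000, "10.0.0.9", 80, 1100, b"B" * 100),  # forced retransmission
    ]
    events = [mon.observe(s) for s in segments]
    return events, mon.to_inject


if __name__ == "__main__":
    ev, pkts = demo()
    print(ev, len(pkts), "ACKs queued, checksums ok:", all(verify_checksums(p) for p in pkts))
```

Timing is the catch with this approach: a TCP sender discards an ACK whose number is at or below the highest acknowledgement it has already received, so the spoofed duplicates have to reach the sender before the real receiver's ACK moves the window past the hole. Once that happens the missed bytes are gone for good, which is why the monitor only reports "recovered" when it actually sees a segment covering the recorded range.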
Pages: 215 / +
Page count: 4
Related papers
50 items in total
  • [31] How to detect cryptocurrency miners? By traffic forensics!
    Vesely, Vladimir
    Zadnik, Martin
    [J]. DIGITAL INVESTIGATION, 2019, 31
  • [32] Network forensics on packet fingerprints
    Cho, Chia Yuan
    Lee, Sin Yeung
    Tan, Chung Pheng
    Tan, Yong Tai
    [J]. SECURITY AND PRIVACY IN DYNAMIC ENVIRONMENTS, 2006, 201 : 401 - +
  • [33] Network Forensics: Today and Tomorrow
    Shrivastava, Gulshan
    Sharma, Kavita
    Kumari, Reema
    [J]. PROCEEDINGS OF THE 10TH INDIACOM - 2016 3RD INTERNATIONAL CONFERENCE ON COMPUTING FOR SUSTAINABLE GLOBAL DEVELOPMENT, 2016, : 2234 - 2238
  • [34] An architecture for SCADA network forensics
    Kilpatrick, T.
    Gonzalez, J.
    Chandia, R.
    Papa, M.
    Shenoi, S.
    [J]. ADVANCES IN DIGITAL FORENSICS II, 2006, 222 : 273 - +
  • [35] Network forensics and challenges for cybersecurity
    Mazurczyk, Wojciech
    Szczypiorski, Krzysztof
    Tian, Hui
    [J]. ANNALS OF TELECOMMUNICATIONS - ANNALES DES TÉLÉCOMMUNICATIONS, 2014, 69 : 345 - 346
  • [36] The application research on network forensics
    Jingfang, H.
    [J]. Bentham Science Publishers B.V., Bussum, Netherlands, (05):
  • [37] Network Forensics with Neurofuzzy Techniques
    Aguirre Anaya, Eleazar
    Nakano-Miyatake, Mariko
    Perez Meana, Hector Manuel
    [J]. 2009 52ND IEEE INTERNATIONAL MIDWEST SYMPOSIUM ON CIRCUITS AND SYSTEMS, VOLS 1 AND 2, 2009, : 848 - 852
  • [38] Network Forensics: Notions and Challenges
    Almulhem, Ahmad
    [J]. 2009 IEEE INTERNATIONAL SYMPOSIUM ON SIGNAL PROCESSING AND INFORMATION TECHNOLOGY (ISSPIT 2009), 2009, : 463 - 466
  • [39] Network monitoring for security and forensics
    Shanmugasundaram, Kulesh
    Memon, Nasir
    [J]. INFORMATION SYSTEMS SECURITY, PROCEEDINGS, 2006, 4332 : 56 - +
  • [40] ForNet: A distributed forensics network
    Shanmugasundaram, K
    Memon, N
    Savant, A
    Bronnimann, H
    [J]. COMPUTER NETWORK SECURITY, 2003, 2776 : 1 - 16