Experience with engineering a network forensics system

Authors:
Ahmad Almulhem;Issa Traore
Affiliations:
ISOT Research Lab, University of Victoria, Canada;ISOT Research Lab, University of Victoria, Canada
Venue:
ICOIN'05 Proceedings of the 2005 international conference on Information Networking: convergence in broadband and mobile networking
Year:
2005

Citing 3
Cited 1

Intrusion detection systems as evidence

Computer Networks: The International Journal of Computer and Telecommunications Networking
Implementing a Generalized Tool for Network Monitoring

LISA '97 Proceedings of the 11th Conference on Systems Administration
The discipline of Internet forensics

Communications of the ACM - Program compaction

Network forensic frameworks: Survey and research challenges

Digital Investigation: The International Journal of Digital Forensics & Incident Response

Quantified Score

Hi-index	0.00

Visualization

Abstract

Network Forensics is an important extension to the model of network security where emphasis is traditionally put on prevention and to a lesser extent on detection. It focuses on the capture, recording, and analysis of network packets and events for investigative purposes. It is a young field for which very limited resources are available. In this paper, we briefly survey the state of the art in network forensics and report our experience with building and testing a network forensics system.