Improving evidence acquisition from live network sources

Authors:
Bruce J. Nikkel
Affiliations:
Risk Control, UBS AG, CH-8098 Zurich, Switzerland
Venue:
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Year:
2006

Citing 5
Cited 4

Domain name forensics: a systematic approach to investigating an internet presence

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Digital provenance - interpretation, verification and corroboration

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Tool review: Network traffic as a source of evidence: tool strengths, weaknesses, and future needs

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Risk sensitive digital evidence collection

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Generalizing sources of live network evidence

Digital Investigation: The International Journal of Digital Forensics & Incident Response

Deriving cse-specific live forensics investigation procedures from FORZA

Proceedings of the 2007 ACM symposium on Applied computing
Evidential notions of defensibility and admissibility with property preservation

iNetSec'10 Proceedings of the 2010 IFIP WG 11.4 international conference on Open research problems in network security
Source attribution for network address translated forensic captures

Digital Investigation: The International Journal of Digital Forensics & Incident Response
A portable network forensic evidence collector

Digital Investigation: The International Journal of Digital Forensics & Incident Response

Quantified Score

Hi-index	0.00

Visualization

Abstract

The pervasiveness of network technology is causing a shift in the location of digital evidence. What was once largely found on individual disks tied to single individuals is now becoming distributed across remote networked machines, under the control of multiple organizations, and scattered over multiple jurisdictions. The network interactions between these machines are also becoming recognized as a source of network evidence. These live network sources of evidence bring additional challenges which need to be addressed. This paper discusses these issues and suggests some improvements in the methods used for the collection of evidence from live network sources.