Digital investigators require specialized knowledge and tools to process network traffic as a source of evidence. Existing open source tools can be used for basic tasks in simple cases, but they lack the functionality of commercial tools that are specifically designed to process network traffic as evidence. These commercial tools reduce the amount of time and specialized technical knowledge required to examine large quantities of network traffic, but even they are lacking from a forensic standpoint. This paper discusses the strengths and shortcomings of existing tools in the context of the overall digital investigation process, specifically the collection, documentation, preservation, examination and analysis stages. In addition to highlighting the capabilities of different tools, this paper familiarizes digital investigators with different aspects of network traffic as a source of evidence. Based on this discussion, a set of requirements is proposed for tools used to process network traffic as evidence, in the hope that existing developers will enhance the capabilities of their tools to address the weaknesses.