Intrusion detection systems as evidence
Computer Networks: The International Journal of Computer and Telecommunications Networking
Digital Evidence and Computer Crime
Digital Evidence and Computer Crime
A Simple Framework for Distributed Forensics
ICDCSW '05 Proceedings of the Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05) - Volume 02
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Tool review - remote forensic preservation and examination tools
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Deploying forensic tools via PXE
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Formalization of computer input and output: the Hadley model
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Tool review: Network traffic as a source of evidence: tool strengths, weaknesses, and future needs
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Building theoretical underpinnings for digital forensics research
Digital Investigation: The International Journal of Digital Forensics & Incident Response
A hardware-based memory acquisition procedure for digital investigations
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Deriving cse-specific live forensics investigation procedures from FORZA
Proceedings of the 2007 ACM symposium on Applied computing
On Teaching TCP/IP Protocol Analysis to Computer Forensics Examiners
Journal of Digital Forensic Practice
Network forensic frameworks: Survey and research challenges
Digital Investigation: The International Journal of Digital Forensics & Incident Response
A portable network forensic evidence collector
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Improving evidence acquisition from live network sources
Digital Investigation: The International Journal of Digital Forensics & Incident Response
| Hi-index | 0.00 |
This paper suggests combining the capture of network traffic and the collection of data from remote network services into a more general acquisition category of live network evidence sources. These two evidence sources exhibit many similarities, collected data share the same basic characteristics, and the acquisition architectures used for collection are very similar. When viewed from a more abstract perspective they can be described in the same terms. The OSI model's layered approach to networking can be used to help bring these two branches of network evidence together, organizing and reducing the complexity found in live network acquisition. The concept of an acquisition window is also introduced as a fundamental variable in live network acquisition.