This is a summary of a research paper published on ScienceDirect.com.
Network forensics is the science that deals with the study of network traffic flow: its capture, recording, monitoring, control and collection, in order to find the source of a security breach or a security policy violation. This paper discusses existing network forensics framework systems and proposes a new generic framework for network forensics. We also discuss and identify new and current research challenges.
In January 2009, the most popular social media sites, including Facebook, Twitter and Google Blogger, were under denial of service attacks. The reason was that no tools that monitor traffic and generate an alert when a threshold is reached were installed on the network. Network forensics could have helped in that case at a very early stage, generating a notification simply by inspecting and analyzing the abnormal transmission of packets. Network forensics is not another name for network security; rather, it is an extension of network security, because it takes place after the crime has been committed and gathers its information from the firewall, the intrusion detection system and other security products. Network forensics can trace the culprit, the methodology used in the attack, the duration of the attack and possibly the reason for the attack. It is worthwhile to note that a network security breach may or may not be a network forensics issue, because a legally declared crime is sometimes not a security policy violation. Network security protects against security attacks, while network forensics captures and records traffic to find evidence of an attack.
We divide network forensics into types along three dimensions: nature, collection and purpose. Nature: whether network forensics is built on hardware and software together or on software tools only. Collection: how data is collected, whether on a "stop, look and listen" basis, in which random packets are selected and analyzed, or on a "catch it as you can" basis, in which each and every packet passing through a specific point is captured, stored and analyzed. Purpose: whether network forensics is for finding the source and the culprit, or for protecting the network from possible attacks.
Network forensics tools help system and network administrators to capture, record and analyze network traffic and to gather information for a crime investigation. Network forensics tools also help to initiate incident response. Some of the most popular current network forensics tools include NetIntercept, PyFlag, NetFlow, SiLK, TCPFlow, TCPDump, nfDump, TCPTrace, NTAP, TCPDstat, Nmap, p0f, Wireshark, SilentRunner, NetWitness and NetDetector.
Many network commands built into modern operating systems can assist network administrators in network forensics to some extent. Some of these commands are nslookup, tcpstat, traceroute, netstat, nbtstat, whois, ping and dig.
Some digital forensics process models exist, such as the one presented at the Digital Forensics Research Workshop, which consists of the following steps: identification, preservation, collection, examination, analysis, decision and presentation. Many other process models have been presented since then, but all of them relate to digital forensics in general and not specifically to network forensics. Ren and Jen presented the first proper process model for network forensics in 2005, consisting of the following steps: capture, copy, transfer, analysis, investigation and presentation.
We propose our generic network forensics framework process model with the following steps: preparation, detection, collection, preservation, examination, analysis, investigation and, finally, presentation.
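As an added illustration of the collection, detection and preservation steps of the proposed model, and of the threshold alerting that the January 2009 incident above lacked, the Python below is example code written for this summary (not from the paper): it runs a sliding-window packet-rate detector over a constructed "catch it as you can" packet list and hashes the whole capture for preservation. The addresses, timings, window and threshold are assumed values.

```python
import hashlib
from collections import defaultdict, deque

# Constructed packet summaries (time_s, src_ip, dst_ip, bytes) standing in for a
# "catch it as you can" capture; addresses and timings are made up for the example.
SAMPLE_PACKETS = [
    (0.00, "10.0.0.5", "192.0.2.10", 60),
    (0.10, "10.0.0.5", "192.0.2.10", 60),
    (0.20, "10.0.0.5", "192.0.2.10", 60),
    (0.25, "10.0.0.7", "192.0.2.10", 512),
    (0.30, "10.0.0.5", "192.0.2.10", 60),
    (0.40, "10.0.0.5", "192.0.2.10", 60),
    (0.50, "10.0.0.5", "192.0.2.10", 60),
    (0.65, "10.0.0.7", "192.0.2.10", 1400),
    (0.70, "10.0.0.5", "192.0.2.10", 60),
]


def detect_flood(packets, window_s=1.0, threshold=5):
    """Detection step: per-source packet-rate threshold over a sliding window.

    Returns one (time, src, count) alert per source, raised the first time that
    source sends `threshold` or more packets within `window_s` seconds.
    Packets must be in time order, as they are in a capture.
    """
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    alerts, alerted = [], set()
    for t, src, _dst, _size in packets:
        q = recent[src]
        q.append(t)
        while q and t - q[0] > window_s:   # evict timestamps older than the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerts.append((t, src, len(q)))
            alerted.add(src)
    return alerts


def preserve(packets):
    """Preservation step: serialise the whole capture and return its SHA-256 digest.

    Recording the digest with the evidence lets any later change to the capture,
    even one byte of one record, be detected before examination and analysis.
    """
    lines = "\n".join(f"{t:.3f} {src} {dst} {size}" for t, src, dst, size in packets)
    return hashlib.sha256(lines.encode("utf-8")).hexdigest()
```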
Many frameworks exist, including distributed-system-based frameworks, soft-computing-based frameworks, honeypot-based frameworks, attack-graph-based frameworks, formal-method-based frameworks and aggregation frameworks.
Today networks are everywhere, and so is the chance of cyber and network-based attacks; therefore network forensics needs deep research, and it faces many challenges to overcome, some of which are given below: collection and detection, data fusion and examination, analysis, investigation and incident response.