Calibration Testing of Network Tap Devices
Abstract: Understanding the behavior of network forensic devices is important to support prosecutions of malicious conduct on computer networks as well as legal remedies for false accusations of network management negligence. Individuals who seek to establish the credibility of network forensic data must speak competently about how the data was gathered and the potential for data loss. Unfortunately, manufacturers rarely provide information about the performance of low-layer network devices at a level that will survive legal challenges. This paper proposes a first step toward an independent calibration standard by establishing a validation testing methodology for evaluating forensic taps against manufacturer specifications. The methodology and the theoretical analysis that led to its development are offered as a conceptual framework for developing a standard and to "operationalize" network forensic readiness. This paper also provides details of an exemplar test, testing environment, procedures and results.
- Research Organization:
- Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC05-76RL01830
- OSTI ID:
- 985080
- Report Number(s):
- PNNL-SA-61738; TRN: US201016%%1764
- Resource Relation:
- Related Information: Advances in Digital Forensics III, IFIP International Federation for Information Processing , 242:3-19
- Country of Publication:
- United States
- Language:
- English
Similar Records
Microbial Forensics: A Scientific Assessment
Establishing Tap Reliability in Expert Witness Testimony: Using Scenarios to Identify Calibration Needs