Experience with Engineering a Network Forensics System

Summary:
Ahmad Almulhem and Issa Traore
ISOT Research Lab
University of Victoria, Canada
{almulhem, itraore}@ece.uvic.ca
Abstract. Network Forensics is an important extension to the model of network security where emphasis is traditionally put on prevention and to a lesser extent on detection. It focuses on the capture, recording, and analysis of network packets and events for investigative purposes. It is a young field for which very limited resources are available. In this paper, we briefly survey the state of the art in network forensics and report our experience with building and testing a network forensics system.
1 Introduction
Most organizations fight computer attacks using a mixture of various technologies such as firewalls and intrusion detection systems [1]. Conceptually, those technologies address security from three perspectives, namely prevention, detection, and reaction. We, however, believe that a very important piece is missing from this model. Specifically, current technologies lack any investigative features. In the event of attacks, it is extremely hard to tie the ends and come up with a


Source: Almulhem, Ahmad - Computer Engineering Department, King Fahd University of Petroleum and Minerals


Collections: Computer Technologies and Information Sciences