Network Forensics What is it Remote data acquisition

  • Slides: 7
Download presentation
Network Forensics

Network Forensics

What is it? ► Remote data acquisition (disk capture) ► Remote collection of live

What is it? ► Remote data acquisition (disk capture) ► Remote collection of live systems (memory) ► Traffic acquisition (cables and devices) ► Multiple examiners viewing single source

Technical ► Current tools don’t cut it § § § § § ► Validation

Technical ► Current tools don’t cut it § § § § § ► Validation – integrity of data Multiple machine functions (network devices) Traffic Capture (non TCP/UDP) Data loss due to high traffic volumes Content ID and analysis (Vo. IP, IM) Traffic pattern recognition Data reduction Attribution (IP forgery, onion routing) False Positives Dynamic systems § Speed and minimal system impact is a priority

Legal ► Privacy Issues § Commingling of data ► Jurisdiction § Interstate Warrants

Legal ► Privacy Issues § Commingling of data ► Jurisdiction § Interstate Warrants

Policy ► Banners and policy statements ► Logging requirements § Third party tools to

Policy ► Banners and policy statements ► Logging requirements § Third party tools to meet our needs? § Pressure device vendors? ► Bill of rights § Balance need for attribution with individual rights

Short Term Goals ► Define network forensics ► Tools § Capture § Analysis (data

Short Term Goals ► Define network forensics ► Tools § Capture § Analysis (data normalization, visualization and mining) § Attribution ► Process § Best practices § Guidelines for various devices/situations

Long Term Goals ► Persuade Industry Provide Monitoring Ability ► OS development to enable

Long Term Goals ► Persuade Industry Provide Monitoring Ability ► OS development to enable capture of volatile data ► OS development to minimize commingling

Acquisition Office The Acquisition Process Acquisition Staff AcquisitionAcquisition Office The Acquisition Process Acquisition Staff Acquisition
TRUCONNECT REMOTE SERVICE REMOTE SERVICE REMOTE MONITORING REMOTETRUCONNECT REMOTE SERVICE REMOTE SERVICE REMOTE MONITORING REMOTE
TRUCONNECT REMOTE SERVICE REMOTE SERVICE REMOTE MONITORING REMOTETRUCONNECT REMOTE SERVICE REMOTE SERVICE REMOTE MONITORING REMOTE
Forensics Anthropology Forensics Anthropology What is Forensics AnthropologyForensics Anthropology Forensics Anthropology What is Forensics Anthropology
Forensics and Auditing Computer Forensics Computer forensics isForensics and Auditing Computer Forensics Computer forensics is
Forensics What is Forensics Forensics Science associated withForensics What is Forensics Forensics Science associated with