Explore the world of network forensics, including remote data acquisition, traffic analysis, and legal considerations. Learn about current challenges, such as data loss, false positives, and the need for speed. Discover short-term and long-term goals in the industry.
What is it?
• Remote data acquisition (disk capture)
• Remote collection of live systems (memory)
• Traffic acquisition (cables and devices)
• Multiple examiners viewing a single source
Technical
• Current tools don’t cut it
• Validation – integrity of data
• Multiple machine functions (network devices)
• Traffic capture (non-TCP/UDP)
• Data loss due to high traffic volumes
• Content identification and analysis (VoIP, IM)
• Traffic pattern recognition
• Data reduction
• Attribution (IP forgery, onion routing)
• False positives
• Dynamic systems
• Speed and minimal system impact are a priority
Legal
• Privacy issues
• Commingling of data
• Jurisdiction
• Interstate warrants
Policy
• Banners and policy statements
• Logging requirements
• Third-party tools to meet our needs?
• Pressure device vendors?
• Bill of rights
• Balance the need for attribution with individual rights
Short Term Goals
• Define network forensics
• Tools
  • Capture
  • Analysis (data normalization, visualization and mining)
  • Attribution
• Process
  • Best practices
  • Guidelines for various devices/situations
Long Term Goals
• Persuade industry to provide monitoring ability
• OS development to enable capture of volatile data
• OS development to minimize commingling