What is FORENSICS? Why do we need Network Forensics?


1 What is FORENSICS? Why do we need Network Forensics? Why is it so important?

2 Introduction
Network: an interconnection of computers by communication channels.
A large amount of data (packets) is transferred in each interval of time.
Attacks may be either passive or active.
Network forensics is like a camera on the network: it discovers the source of security attacks and provides useful tools for investigating cybercrimes on the Internet.

3 Network Forensics
Analyzing the network traffic.
Examining network devices such as routers.
The data rate is very fast, so packets need to be stored in order to find the behavior.
Deals with volatile and dynamic information.
Identify all possible security violations.
Identify malicious activities from the traffic logs, discover their details, and assess the damage.

4 Definition: the act of capturing, recording, and analyzing network audit trails in order to discover the source of security breaches or other information assurance problems.
Systems collect data in two forms:
"Catch-it-as-you-can": packets passing through a certain traffic point are captured and written to storage; analysis is done subsequently. This requires large amounts of storage.
"Stop, look and listen": each packet is analyzed in memory as it arrives, and only certain information is saved for future analysis.

5 Capabilities
Comprehensive data collection: anything that crosses the network, whether IM, VoIP, FTP, HTML, or some other application or protocol, is collected by a single system and stored in a common, searchable format.
Flexible data collection: collect all data on a network segment for future inspection, or focus on a specific user or server.

6 Catching hackers on the wire
An attacker's fingerprints remain throughout the network: in firewall logs, IDS/IPS alerts, web proxy logs, and traffic captures.

7 Ethernet: data on this layer is collected using the network interface card (NIC) of a host; it collects all the traffic that comes over the network.
TCP/IP: at this layer routing tables are used to identify attackers; apart from routing tables, authentication logs are also used.
The Internet: web server logs are used here, for example to extract user account information.

8 Network forensics includes
preparation, collection, preservation, examination, analysis, investigation, and presentation.
Network Forensic Analysis Tools (NFATs) allow administrators to monitor networks, gather all information about anomalous traffic, and assist in network crime investigation.

9 A Generic Framework for Network Forensics
Preparation and authorization
Collection of network traces
Preservation and protection
Examination and analysis
Investigation and attribution
Presentation and review

10 Network forensic analysis
Open source and proprietary security tools: Wireshark, tcpdump, Snort.
Wireshark (also known as Ethereal) is used at the Ethernet layer. It uses pcap to capture data; data is captured from live traffic or read from a file that was recorded earlier. VoIP calls can be detected in the captured traffic.
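Slide 4's "catch-it-as-you-can" model (write packets to a pcap store, analyze later) and slide 10's point that tools read pcap data recorded earlier both come down to parsing the libpcap file format. The following is an added example, not code from the presentation or from Wireshark/tcpdump: it builds a small pcap in memory from constructed frames (the addresses, ports and MACs are made-up sample values), reads it back with a minimal libpcap parser, summarizes flows, and flags a source that touched many distinct TCP ports on one host, the kind of anomalous-traffic summary an NFAT produces. Only little-endian, microsecond-resolution pcap with Ethernet link type is handled.

```python
"""Minimal libpcap reader and flow summarizer (added example, not from the slides)."""
import socket
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4        # little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def build_frame(src_ip, dst_ip, sport, dport, proto=PROTO_TCP, payload=b""):
    """Construct one Ethernet/IPv4/TCP-or-UDP frame (sample data, not captured)."""
    if proto == PROTO_TCP:
        # 20-byte TCP header: ports, seq, ack, data offset 5, SYN flag, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)   # 8-byte UDP header
    total_len = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") \
        + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4 + payload


def build_pcap(frames, start_ts=1_700_000_000):
    """Serialize frames as a libpcap file: 24-byte global header + 16-byte record headers."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    body = b""
    for i, frame in enumerate(frames):
        body += struct.pack("<IIII", start_ts + i, 0, len(frame), len(frame)) + frame
    return hdr + body


def read_pcap(data):
    """Yield (timestamp, frame) from pcap bytes: the stored 'catch-it-as-you-can' data."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic %#x" % magic)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            break                      # truncated final record: stop, do not misparse
        off += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def decode_frame(frame):
    """Return (src, dst, proto, sport, dport) for IPv4 frames, or None if not IPv4."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 4:
        return None
    proto = ip[9]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    if proto not in (PROTO_TCP, PROTO_UDP):
        return (src, dst, proto, None, None)
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return (src, dst, proto, sport, dport)


def summarize_flows(pcap_bytes):
    """Per-flow packet and byte counts, keyed by (src, dst, proto, sport, dport)."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for _, frame in read_pcap(pcap_bytes):
        key = decode_frame(frame)
        if key is None:
            continue
        flows[key]["packets"] += 1
        flows[key]["bytes"] += len(frame)
    return dict(flows)


def find_port_sweeps(flows, min_ports=3):
    """Sources that contacted many distinct TCP ports on one host: a scan-like pattern."""
    ports = defaultdict(set)
    for (src, dst, proto, _, dport) in flows:
        if proto == PROTO_TCP and dport is not None:
            ports[(src, dst)].add(dport)
    return {k: sorted(v) for k, v in ports.items() if len(v) >= min_ports}


# Constructed sample capture: normal web traffic, one DNS query, and one host probing four ports.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "10.0.0.10", 40000, 80, payload=b"GET / HTTP/1.1\r\n"),
    build_frame("10.0.0.5", "10.0.0.10", 40001, 80),
    build_frame("10.0.0.7", "10.0.0.10", 50000, 22),
    build_frame("10.0.0.7", "10.0.0.10", 50001, 23),
    build_frame("10.0.0.7", "10.0.0.10", 50002, 443),
    build_frame("10.0.0.7", "10.0.0.10", 50003, 3389),
    build_frame("10.0.0.5", "10.0.0.53", 5353, 53, proto=PROTO_UDP, payload=b"\x00" * 12),
])

if __name__ == "__main__":
    flows = summarize_flows(SAMPLE_PCAP)
    for key, stats in flows.items():
        print(key, stats)
    print("possible port sweeps:", find_port_sweeps(flows))
```

`read_pcap` is a generator, so the same decode and summarize code can run in "stop, look and listen" fashion over a live stream of records without holding the whole file in memory; only the flow table is kept. Real captures from Wireshark or tcpdump may use the big-endian magic, nanosecond timestamps, or pcapng, which this parser rejects rather than misreads.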

13 Conclusion
Network forensics is a real-world method of initially identifying and responding to computer crimes and policy violations.
With data mining tools, network engineers have the data they need to identify and fix problems, and security teams can reconstruct the sequence of events.

14 References
en.wikipedia.org/wiki/Network_forensics
portforward.com/networking/wireshark.htm
ieeexplore.ieee.org/stamp/stamp.jsp

