• Title/Summary/Keyword: network forensic

Search Result 84, Processing Time 0.02 seconds

A Designing Method of Digital Forensic Snort Application Model (Snort 침입탐지 구조를 활용한 디지털 Forensic 응용모델 설계방법)

  • Noh, Si-Choon
    • Convergence Security Journal
    • /
    • v.10 no.2
    • /
    • pp.1-9
    • /
    • 2010
  • Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users. Snort identifies network indicators by inspecting network packets in transmission. A process on a host's machine usually generates these network indicators. This means whatever the snort signature matches the packet, that same signature must be in memory for some period (possibly micro seconds) of time. Finally, investigate some security issues that you should consider when running a Snort system. Paper coverage includes: How an IDS Works, Where Snort fits, Snort system requirements, Exploring Snort's features, Using Snort on your network, Snort and your network architecture, security considerations with snort under digital forensic windows environment.

An Log Visualization Method of Network Security Equipment for Private Information Security (개인정보 보호를 위한 네트워크 보안장비의 로그 가시화 방법 연구)

  • Sim, Hee-Youn;Kim, Hyung-Jong
    • Convergence Security Journal
    • /
    • v.8 no.4
    • /
    • pp.31-40
    • /
    • 2008
  • Recently, network forensic research which analyzes intrusion-related information for tracing of attackers, has been becoming more popular than disk forensic which analyzes remaining evidences in a system. Analysis and correlation of logs from firewall, IDS(Intrusion Detect System) and web server are important part in network forensic procedures. This work suggests integrated graphical user interface of network forensic for private information leakage detection. This paper shows the necessity of various log information for network forensic and a design of graphical user interface for security managers who need to monitor the leakage of private information.

  • PDF

An Implementation of Audit System Applying Forensic Analysis Technology over Network Nodes (네트워크 노드에 대한 포렌식 분석기법을 적용한 감사시스템의 구현)

  • Kim, Yoon-Ho
    • The Journal of Society for e-Business Studies
    • /
    • v.14 no.3
    • /
    • pp.169-181
    • /
    • 2009
  • As the situations that important evidences or clues are found in digital information devices increase, digital forensic technology is widely applied. In this paper, forensic based audit system is implemented by associating forensic analysis system with agent system which monitors and collects data for analysis in storage devices over distributed network nodes. Forensic audit system implemented in this paper can prevent, audit and trace the computer related crimes in IT infrastructure by real time monitoring and evidence seizure.

  • PDF

Mobile Digital Forensic Procedure for Crime Investigation in Social Network Service (소셜 네트워크 서비스에서 사건 수사를 위한 모바일 디지털 포렌식 절차에 관한 연구)

  • Jang, Yu Jong;Kwak, Jin
    • Journal of Advanced Navigation Technology
    • /
    • v.17 no.3
    • /
    • pp.325-331
    • /
    • 2013
  • Social network services(SNS) has been used as a means of communication for user or express themselves user. Therefore, SNS has a variety of information. This information is useful to help the investigation can be used as evidence. In this paper, A study of mobile digital forensic procedure for crime investigation in social network service. Analysis of database file taken from the smartphone at social network service application for mobile digital forensic procedure. Therefore, we propose a procedure for the efficient investigation of social network service mobile digital forensic.

Network Forensic Evidence Generation and Verification Scheme (효율적인 인터넷 범죄수사를 위한 범행호스트 탐지 및 범죄행위 입증기술)

  • Kim, Hyung-Seok;Kim, Eun-Jin;Kim, Huy-Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.4
    • /
    • pp.719-731
    • /
    • 2012
  • One of the most important point in the Internet crime investigation is tracing back and pointing out a criminal host. However, criminals can forge a crime record stored in the crime host, or can utilize malicious applications in order not to leave a crime record. In addition, criminals can change the source IP address of a crime host and deny their involvement. In this study, we suggests the Network Forensic Evidence Generation and Verification Scheme (NFEGVS) to rectify the current limitation of Network Forensic technologies. This scheme can prove who and when the crime has occurred. In addition, this prevents leaking of symmetric key for guaranteeing certification and integrity of Forensic Evidence by proposing the Timestamp Secret Key Distribution Scheme, and minimizes performance degradation of router when generating forensic evidence with the Flow-Based Selection Scheme. In this paper, we implement the proposed scheme and evaluate overall performance of the proposed system.

A Study of Network Forensic for IDS (IDS 관제를 위한 네트워크 포렌식 연구)

  • Lee, Gi-Sung;No, Si-Young;Park, Sang-Joon;Lee, Jong-Chan;Lee, Seong-Yoon
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.12 no.1
    • /
    • pp.467-473
    • /
    • 2011
  • The Network-packet in this Paper to ensure the integrity of the legal evidence is effect that can have is to offer an Network-forensics system. The Paper proposed Network-forensics system in the company through legal disputes accident Networking and state agency (with investigative authority) for criminal investigations in networking for the effective and correct way to present a report of user-centric services through effective awareness can be improved.

Fuzzy Expert System for Detecting Anti-Forensic Activities (안티 포렌식 행위 탐지를 위한 퍼지 전문가 시스템)

  • Kim, Se-Ryoung;Kim, Huy-Kang
    • Journal of Internet Computing and Services
    • /
    • v.12 no.5
    • /
    • pp.47-61
    • /
    • 2011
  • Recently, the importance of digital forensic has been magnified because of the dramatic increase of cyber crimes and the increasing complexity of the investigation of target systems such as PCs, servers, and database systems. Moreover, some systems have to be investigated with live forensic techniques. However, even though live forensic techniques have been improved, they are still vulnerable to anti-forensic activities when the target systems are remotely accessible by criminals or their accomplices. To solve this problem, we first suggest a layer-based model and the anti-forensic scenarios which can actually be applicable to each layer. Our suggested model, the Anti-Forensic Activites layer-based model, has 5 layers - the physical layer, network layer, OS layer, database application layer and data layer. Each layer has possible anti-forensic scenarios with detailed commands. Second, we propose a fuzzy expert system for effectively detecting anti-forensic activities. Some anti-forensic activities are hardly distinguished from normal activities. So, we use fuzzy logic for handling ambiguous data. We make rule sets with extracted commands and their arguments from pre-defined scenarios and the fuzzy expert system learns the rule sets. With this system, we can detect anti-forensic activities in real time when performing live forensic.

Penetration Testing and Network Auditing: Linux

  • Stiawan, Deris;Idris, Mohd. Yazid;Abdullah, Abdul Hanan
    • Journal of Information Processing Systems
    • /
    • v.11 no.1
    • /
    • pp.104-115
    • /
    • 2015
  • Along with the evolution of Internet and its new emerging services, the quantity and impact of attacks have been continuously increasing. Currently, the technical capability to attack has tended to decrease. On the contrary, performances of hacking tools are evolving, growing, simple, comprehensive, and accessible to the public. In this work, network penetration testing and auditing of the Redhat operating system (OS) are highlighted as one of the most popular OS for Internet applications. Some types of attacks are from a different side and new attack method have been attempted, such as: scanning for reconnaissance, guessing the password, gaining privileged access, and flooding the victim machine to decrease availability. Some analyses in network auditing and forensic from victim server are also presented in this paper. Our proposed system aims confirmed as hackable or not and we expect for it to be used as a reference for practitioners to protect their systems from cyber-attacks.

Digital Content Protection and Computer Forensics Evidence Management Mechanism using MPEG-21 in Network Service Environment (네트워크 서비스 환경에서 MPEG-21을 활용한 디지털 콘텐츠 보호 및 컴퓨터 포렌식스 증거 관리 메커니즘)

  • Jang, Eun Gyeom;Lee, Bum Suk
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.2
    • /
    • pp.129-141
    • /
    • 2010
  • In network service environment, cultures from diversified fields are easily accessible thanks to the convenient digital content services. Unfortunately, unauthorized access and indiscreet misuse behaviors have deprived content owners of their copyrights. This study suggests an integrity-ensured model applicable for forensic evidence of digital content infringement in network service environment. The suggested model is based on MPEG-21 core components for digital content protection and the system is designed in connection with the components of digital content forensics. Also, the present study suggests an efficient technology to protect and manage computer forensic evidence and digital content by authorizing digital content use and catching infringing logs of authorized users without lag in network environment for the benefit of network security and reliability.

Forensic Analysis of KakaoTalk Messenger on Android Environment (안드로이드 환경에서의 KakaoTalk 메신저의 포렌식 분석 방법론 제안 및 분석)

  • Yoon, Jongcheol;Park, Yongsuk
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.20 no.1
    • /
    • pp.72-80
    • /
    • 2016
  • Recently, IM(Instant Messenger) of KakaoTalk is being used on smart devices such as smartphones. Because IM service can carry user and/or suspector's various information including life style, geographical position, psychology and crime history, forensic analysis on IM service is desirable. But, forensic analysis for KakaoTalk is not well studied yet. This paper studies a proper forensic method for KakaoTalks, finds artifacts location, reconstruct the list of contacts and the chronology of the messages that have been exchanged by users. Proposed methodology and analyzed information can provide a basic platform for forensic tool.