Overview of bibliographic record number: 1211594
Network forensics
Network forensics // 45th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO 2022)
Opatija, Croatia: Institute of Electrical and Electronics Engineers (IEEE), 2022. pp. 1025-1030 doi:10.23919/mipro55190.2022.9803427 (lecture, international peer review, full paper (in extenso), scientific)
CROSBI ID: 1211594
Title
Network forensics
Authors
Volarevic, I. ; Tomic, M. ; Milohanic, L.
Type, subtype and category of work
Conference proceedings papers, full paper (in extenso), scientific
Conference
45th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO 2022)
Place and date
Opatija, Croatia, 23.05.2022 - 27.05.2022
Type of participation
Lecture
Type of review
International peer review
Keywords
Performance evaluation, Firewalls (computing), Forensics, Digital forensics, Intrusion detection, Software, Security
Abstract
Network firewalls and intrusion detection and prevention devices or software are crucial parts of today's networks. However, security breaches still can and do happen. They can originate from malicious users of on-site devices or from any other point in local or remote networks. Often, a single compromised host is the source of further and more devastating attacks. After a breach occurs, or there is reasonable suspicion that it occurred, it is important to perform forensic analysis. The analysis could potentially discover the type of the attack, how long it lasted, the range of affected hosts, the scale of the attack, or sometimes even the intruders. In this paper, we explore a network forensic analysis workflow and the evidence collection and analysis steps. We present a common analysis tool and its usage and perform an example analysis based on actual packet captures and intrusion detection system logs, following a successful breach of security measures and a host infection. The paper presents a realistic example of forensic analysis based on Snort alerts, with the rest of the investigation conducted with the help of Wireshark, with which we find various useful information about the infected host.
Original language
English
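As an added illustration of the triage step the abstract describes (this is not code from the paper or its authors), the script below parses Snort "fast" alert output, scopes the incident the way the abstract lists it (when it started and how long it lasted, which internal hosts were touched, which external peers were contacted, which host raised the most alerts), and then builds a Wireshark display filter to carry the investigation into the packet capture. The alert lines are constructed samples, and the capture year, the 192.168.0.0/16 internal range, and the priority cutoff are assumptions, not values from the paper.

```python
"""Triage Snort 'fast' alerts to scope an incident, then pivot into Wireshark.

Added example for the workflow in the abstract; not code from the paper.
Assumptions (not from the paper): alerts are in Snort's one-line 'fast'
format, the internal network is 192.168.0.0/16, and the capture year is 2022.
"""
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample alerts in Snort 'fast' format (not the paper's dataset).
SAMPLE_ALERTS = """\
05/23-10:15:32.123456  [**] [1:2000001:3] ET MALWARE Suspicious EXE download [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 203.0.113.5:80 -> 192.168.1.10:49152
05/23-10:15:40.000001  [**] [1:2000002:1] ET CNC Beacon to known C2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.10:49160 -> 198.51.100.7:443
05/23-10:16:05.500000  [**] [1:2000003:2] ET SCAN Internal SMB sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.10:49170 -> 192.168.1.20:445
05/23-10:16:06.100000  [**] [1:2000003:2] ET SCAN Internal SMB sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.10:49171 -> 192.168.1.21:445
05/23-10:45:40.000000  [**] [1:2000002:1] ET CNC Beacon to known C2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.10:49300 -> 198.51.100.7:443
05/23-10:47:12.000000  [**] [1:2000004:1] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.30 -> 192.168.1.1
"""

# Snort 'fast' line: timestamp, [gid:sid:rev], message, optional classification,
# priority, protocol, then src[:port] -> dst[:port] (ICMP lines carry no ports).
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Z0-9]+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


def parse_fast_alert(line, year):
    """Parse one fast-format alert; the year is supplied because Snort omits it."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f"),
        "sid": int(m["sid"]),
        "msg": m["msg"],
        "priority": int(m["prio"]),
        "proto": m["proto"],
        "src": m["src"],
        "sport": int(m["sport"]) if m["sport"] else None,
        "dst": m["dst"],
        "dport": int(m["dport"]) if m["dport"] else None,
    }


def parse_alert_log(text, year):
    """Parse a whole fast-alert log, silently skipping lines that do not match."""
    parsed = (parse_fast_alert(ln, year) for ln in text.splitlines() if ln.strip())
    return [a for a in parsed if a is not None]


def summarize_incident(alerts, internal_net="192.168.0.0/16", max_priority=None):
    """Scope the incident: time window, internal hosts involved, external peers, noisiest host.

    Snort priority 1 is the most severe; max_priority drops lower-severity noise.
    """
    net = ipaddress.ip_network(internal_net)
    kept = [a for a in alerts if max_priority is None or a["priority"] <= max_priority]
    if not kept:
        return None
    times = sorted(a["time"] for a in kept)
    per_host, signatures = Counter(), Counter()
    internal, external = set(), set()
    for a in kept:
        signatures[a["msg"]] += 1
        for ip in (a["src"], a["dst"]):
            if ipaddress.ip_address(ip) in net:
                internal.add(ip)
                per_host[ip] += 1   # one count per alert the host appears in
            else:
                external.add(ip)
    top = per_host.most_common(1)
    return {
        "alert_count": len(kept),
        "first_seen": times[0],
        "last_seen": times[-1],
        "duration_seconds": (times[-1] - times[0]).total_seconds(),
        "affected_internal_hosts": sorted(internal, key=ipaddress.ip_address),
        "external_contacts": sorted(external, key=ipaddress.ip_address),
        "top_internal_host": top[0][0] if top else None,
        "top_internal_host_alerts": top[0][1] if top else 0,
        "signatures": signatures,
    }


def pivot_filter(summary):
    """Wireshark display filter isolating the noisiest host's traffic with the external peers."""
    host = summary["top_internal_host"]
    peers = " || ".join(f"ip.addr == {ip}" for ip in summary["external_contacts"])
    return f"ip.addr == {host} && ({peers})" if peers else f"ip.addr == {host}"


if __name__ == "__main__":
    summary = summarize_incident(parse_alert_log(SAMPLE_ALERTS, 2022), max_priority=2)
    for key, value in summary.items():
        print(f"{key}: {value}")
    print("Wireshark filter:", pivot_filter(summary))
```

The summary answers the questions the abstract poses (attack type from the signature counter, duration from the first and last alert, affected hosts and scale from the internal-host set) before a single packet is opened; the generated filter then narrows the capture to the suspected infected host and its external peers, which is where the Wireshark stage of the workflow starts.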