{"title":"Exploring user requirements of network forensic tools","authors":"Kousik Barik, Saptarshi Das, Karabi Konar, Bipasha Chakrabarti Banik, Archita Banerjee","doi":"10.1016/j.gltp.2021.08.043","DOIUrl":null,"url":null,"abstract":"<div><p>Network forensic tools enable security professionals to monitor network performance and compromises. These tools are used to monitor internal and external network attacks. Technological improvements have enabled criminals to wipe out tracks of cybercrime to elude alterations. Network forensics procedures use processes to expedite investigation by tracking each original packet and event that is generated in the network. There are many network forensic tools, both open source and commercial versions available in the market. In this work, the result of a survey participated by different experts in open source network forensic tools have been presented. The advantages, challenges, and necessities have been identified for network forensic investigation of such tools. A few open source network forensic tools have been studied and performed a comparative analysis based on six key parameters. Further, two malware datasets are analyzed using open source tools to perform investigation and present a comprehensive network forensic analysis comprising IO graphs, Flow graphs, TCP stream, UDP multicast stream, mac-based analysis, and operating system analysis.</p></div>","PeriodicalId":100588,"journal":{"name":"Global Transitions Proceedings","volume":"2 2","pages":"Pages 350-354"},"PeriodicalIF":0.0000,"publicationDate":"2021-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.gltp.2021.08.043","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Global Transitions Proceedings","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2666285X21000716","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 5
Abstract
Network forensic tools enable security professionals to monitor network performance and compromises. These tools are used to monitor both internal and external network attacks. Technological improvements have enabled criminals to wipe out the tracks of cybercrime to elude alterations. Network forensics procedures expedite investigation by tracking each original packet and event generated in the network. Many network forensic tools, both open source and commercial, are available in the market. In this work, the results of a survey of experts in open source network forensic tools are presented. The advantages, challenges, and necessities of such tools for network forensic investigation have been identified. A few open source network forensic tools have been studied, and a comparative analysis has been performed based on six key parameters. Further, two malware datasets are analyzed using open source tools to carry out an investigation and present a comprehensive network forensic analysis comprising IO graphs, flow graphs, TCP streams, UDP multicast streams, MAC-based analysis, and operating system analysis.