A Review of Current Research in Network Forensic Analysis

Ikuesan, Richard Adeyemi; Razak, Shukor Abd; Azhan, Nor Amira Nor

doi:10.4018/jdcf.2013010101

Cited by 34 publications

(16 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Traditionally, a network consists of two or more computers that are linked together to share resources, exchange files, or allow electronic communications [3,4]. This definition though has evolved to accommodate new concepts that define the modern network environment as explained in this paper.…”

Section: Modern Network Environment (Mne)mentioning

confidence: 99%

Real-time monitoring as a supplementary security component of vigilantism in modern network environments

Kebande

Karie

Ikuesan

2020

Int. j. inf. tecnol.

View full text Add to dashboard Cite

The phenomenon of network vigilantism is autonomously attributed to how anomalies and obscure activities from adversaries can be tracked in real-time. Needless to say, in today’s dynamic, virtualized, and complex network environments, it has become undeniably necessary for network administrators, analysts as well as engineers to practice network vigilantism, on traffic as well as other network events in real-time. The reason is to understand the exact security posture of an organization’s network environment at any given time. This is driven by the fact that modern network environments do, not only present new opportunities to organizations but also a different set of new and complex cybersecurity challenges that need to be resolved daily. The growing size, scope, complexity, and volume of networked devices in our modern network environments also makes it hard even for the most experienced network administrators to independently provide the breadth and depth of knowledge needed to oversee or diagnose complex network problems. Besides, with the growing number of Cyber Security Threats (CSTs) in the world today, many organisations have been forced to change the way they plan, develop and implement cybersecurity strategies as a way to reinforce their ability to respond to cybersecurity incidents. This paper, therefore, examines the relevance of Real-Time Monitoring (RTM) as a supplementary security component of vigilantism in modern network environments, more especially for proper planning, preparedness, and mitigation in case of a cybersecurity incident. Additionally, this paper also investigates some of the key issues and challenges surrounding the implementation of RTM for security vigilantism in our modern network environments.

show abstract

Section: Modern Network Environment (Mne)mentioning

confidence: 99%

Real-time monitoring as a supplementary security component of vigilantism in modern network environments

Kebande

Karie

Ikuesan

2020

Int. j. inf. tecnol.

View full text Add to dashboard Cite

show abstract

“…Network Forensics Network Forensic adalah cabang dari digital forensic berkaitan dengan monitoring dan analisis lalu lintas jaringan kompuer untuk tujuan pengumpulan informasi, bukti hukum atau deteksi instruksi. [2] Network Forensics adalah menangkap, merekam, dan analisis peristiwa jaringan untuk menemukan sumber serangan keamanan atau insiden masalah lainnya. [2]…”

Section: A Voip (Voice Over Internet Protocol)unclassified

“…[2] Network Forensics adalah menangkap, merekam, dan analisis peristiwa jaringan untuk menemukan sumber serangan keamanan atau insiden masalah lainnya. [2]…”

Section: A Voip (Voice Over Internet Protocol)unclassified

Analisis Data Digital Evidence pada Layanan Voice Over Internet Protocol (VoIP)

Adam

Widiyasono

Mubarok

2016

JEPIN

View full text Add to dashboard Cite

Teknologi VoIP (Voice Over Internet Protocol) merupakan teknologi yang mampu melewatkan panggilan suara, video dan data dalam jaringan IP. Voice over Internet Protocol (VoIP) dalam teknologi komunikasi cukup signifikan sehingga tidak terlepas dari kejahatan cybercrime, Teknologi VoIP dapat disalahgunakan untuk melakukan tindakan kejahatan jarak jauh sehingga diperlukan langkah-langkah investigasi jika terjadi masalah. Menemukan artefact pada Infrastruktur VoIP merupakan tantangan tersendiri. WireSharks salah satu tool yang digunakan dalam investigasi ini. Metode yang digunakan adalah DFIF yang terdiri tahapan adalah Collection, Examination, Analysis, dan Report and Documentation. Investigasi pada layanan VoIP dapat berhasil dilakukan dengan menemukan data digital evidence di layer 5. Tujuan Penelitian ini yaitu Mengetahui Karakteristik Data Digital berupa suara pada layanan Voice Over IP dan Menganalisis Data Digital berupa suara pada layanan Voice Over IP. Hasil dari penelitian ini barang bukti digital yang berupa percakapan yang dapat dipertanggungjawabkan dalam pengadilan..Kata kunci— Data, Evidence, Forensik,Network, VoIP

show abstract

“…These questions usually arise after an incident has occurred. An incident in this context is a threat or violation of computer security policies 9 . Examples of incidents include organizational data loss or a malware intrusion.…”

Section: Introductionmentioning

confidence: 99%

Digital forensic readiness in operational cloud leveraging ISO/IEC 27043 guidelines on security monitoring

Makura

Venter

Kebande

et al. 2021

Security and Privacy

View full text Add to dashboard Cite

An increase in the use of cloud computing technologies by organizations has led to cybercriminals targeting cloud environments to orchestrate malicious attacks. Conversely, this has led to the need for proactive approaches through the use of digital forensic readiness (DFR). Existing studies have attempted to develop proactive prototypes using diverse agent‐based solutions that are capable of extracting a forensically sound potential digital evidence. As a way to address this limitation and further evaluate the degree of PDE relevance in an operational platform, this study sought to develop a prototype in an operational cloud environment to achieve DFR in the cloud. The prototype is deployed and executed in cloud instances hosted on OpenStack: the operational cloud environment. The experiments performed in this study show that it is viable to attain DFR in an operational cloud platform. Further observations show that the prototype is capable of harvesting digital data from cloud instances and store the data in a forensic sound database. The prototype also prepares the operational cloud environment to be forensically ready for digital forensic investigations without alternating the functionality of the OpenStack cloud architecture by leveraging the ISO/IEC 27043 guidelines on security monitoring.

show abstract

A Review of Current Research in Network Forensic Analysis

Cited by 34 publications

References 44 publications

Real-time monitoring as a supplementary security component of vigilantism in modern network environments

Real-time monitoring as a supplementary security component of vigilantism in modern network environments

Analisis Data Digital Evidence pada Layanan Voice Over Internet Protocol (VoIP)

Digital forensic readiness in operational cloud leveraging ISO/IEC 27043 guidelines on security monitoring

Contact Info

Product

Resources

About