PRESENTATION
NETWORK FORENSICS
SUJEET KUMAR
31703218
October 29, 2017
SUJEET KUMAR (31703218) PRESENTATION October 29, 2017 1 / 34
Table of Contents
Motivation
Introduction
Network Forensics
Issues
Network forensics Analysis Tools
Conclusion and future directions
Motivation
Nowadays networks grow explosively, and crime related to networks is
increasing.
Network forensics is a sub-division of digital forensics; it mainly
focuses on the analysis of network traffic and on monitoring intrusions.
Network forensics focuses on volatile and dynamic data, whereas digital
forensics focuses on stored and static data. Whenever an intrusion is
detected on the network, network forensics captures and records that
activity for the investigation process; after the intrusion activity has
been collected, analysis is performed on the network traffic.
Forensics?
The art of gathering evidence during or after a crime
Reconstructing the criminal's actions
Providing evidence for prosecution
Digital Forensics
The scientific examination and analysis of digital evidence in such a
way that the information can be used as evidence in a court of law.
Network Forensics
Network forensics is a sub-branch of digital forensics relating to the
monitoring and analysis of computer network traffic for the purposes of
information gathering, legal evidence, or intrusion detection. Unlike
other areas of digital forensics, network investigations deal with volatile
and dynamic information.
Basics of Network Forensics
Fundamental
Catch-it-as-you-can
All packets pass through a traffic point, and all of them are stored in
a database.
Analysis is performed on the stored data, and the analysis results are
also stored in the database, so this approach requires larger storage;
the data is kept for future analysis.
Stop-look-and-listen
This system is very different from the first: only the data that is
required for future analysis is saved in the database.
Network Forensics Model
Network Forensics Methods
Ethernet
TCP/IP
Internet
Wireless Forensics
Ethernet
Methods are achieved by eavesdropping on bit streams (at the Ethernet
layer).
Uses monitoring tools or sniffers, such as Wireshark.
Protocols can then be consulted, such as the Address Resolution
Protocol (ARP).
Sniffing at the Network Interface Card (NIC) can be averted with
encryption.
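As an added example (not part of the original slides), the following Python code shows what "consulting ARP" from captured Ethernet frames looks like in practice from the investigator's side: it parses Ethernet/ARP frames with the standard library only and reports any IP address that more than one MAC address has answered for, which is the usual first indicator of ARP spoofing on a segment. The frames, MAC and IP addresses are constructed sample data; the helper that builds them exists only to exercise the detector.

```python
import struct
from collections import defaultdict

ETH_HDR = struct.Struct("!6s6sH")           # dst MAC, src MAC, EtherType
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_arp(frame: bytes):
    """Return (sender_mac, sender_ip, opcode) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < ETH_HDR.size + ARP_PKT.size:
        return None
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, _tpa = ARP_PKT.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # only Ethernet/IPv4 ARP is handled here
    return mac_str(sha), ip_str(spa), op


def sample_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Constructed ARP reply frame used only to exercise the detector (not captured traffic)."""
    eth = ETH_HDR.pack(target_mac, sender_mac, ETHERTYPE_ARP)
    arp = ARP_PKT.pack(1, 0x0800, 6, 4, ARP_REPLY, sender_mac, sender_ip, target_mac, target_ip)
    return eth + arp


def find_ip_mac_conflicts(frames):
    """Collect the MACs answering for each IP in ARP replies; an IP claimed by several MACs is a conflict."""
    claims = defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        mac, ip, op = parsed
        if op == ARP_REPLY:
            claims[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


# Constructed sample: the gateway answers for 10.0.0.1, then a second MAC answers for the same IP.
GATEWAY_MAC = bytes.fromhex("aabbccddee01")
SECOND_MAC = bytes.fromhex("aabbccddee99")
HOST_MAC = bytes.fromhex("001122334455")
GATEWAY_IP, HOST_IP = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 7])
SAMPLE_FRAMES = [
    sample_reply(GATEWAY_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),
    sample_reply(HOST_MAC, HOST_IP, GATEWAY_MAC, GATEWAY_IP),
    sample_reply(SECOND_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),
    ETH_HDR.pack(HOST_MAC, GATEWAY_MAC, 0x0800) + b"\x45" + b"\x00" * 41,  # non-ARP frame, ignored
]

if __name__ == "__main__":
    for ip, macs in find_ip_mac_conflicts(SAMPLE_FRAMES).items():
        print(f"ARP conflict: {ip} claimed by {', '.join(macs)}")
```

On a real capture the frames would come from a pcap file or a raw socket; the check stays the same. A conflict is not proof of spoofing on its own (a failed-over gateway with a new NIC produces the same pattern), so the timestamps of the competing replies are the next thing to look at.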
TCP/IP
Methods are achieved with router information investigations (at the
Network layer).
Each router keeps routing tables to pass packets along.
These are some of the best information sources for tracking data.
Follow the compromised packets, reverse the route, and identify the source.
The Network layer also provides authentication log evidence.
Internet
Methods are achieved by examining server logs (on the Internet).
Includes web browsing, email, chat, and other types of traffic.
Server logs collect information.
Email accounts contain useful information, except when the email headers
are faked.
User account information is associated with a particular user.
Wireless Forensics
Methods are achieved by collecting and analyzing wireless traffic
(wireless networks).
A sub-discipline of the field.
The aim is to obtain what is considered valid digital evidence.
This can be ordinary data or voice communications via VoIP.
Analysis is similar to wired network situations, but with different
security issues.
Network Monitor
Basic Issues
Internet worm
Phishing
Spam
Bots
Distributed Denial of Service (DDoS) and Denial of service (DoS)
ZERO-Day Attack
Random-UDP Flooding Attack
Stealth Port Scanning Attack
Network forensics analysis tools
Network forensics analysis tools are used to analyze the collected
data, which is aggregated from multiple security tools.
The functions that network forensics analysis tools provide are:
IP security,
Detection of inside and outside attacks on the system, risk analysis,
Data recovery,
Anomaly detection,
Prediction of future attacks,
Detection of attack patterns,
Data aggregation from IDS and firewall logs, etc.
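The "server logs" slide above and the "data aggregation from IDS and firewall logs" function listed here describe the same analysis step: events from different sources are keyed by source IP and put on one timeline so that a pattern visible in neither log alone becomes visible in the merged view. The following Python code is an added example (not from the original slides) that parses a web server access log in the common log format and a firewall log with a constructed "FW-DROP"/"FW-ACCEPT" prefix, merges them per IP, and flags an IP that failed to log in several times and then succeeded. All log lines, addresses, user names and the "FW-" prefix are constructed sample data, and the year for the syslog-style lines (which carry none) is assumed to be 2017.

```python
import itertools
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample lines (not real logs): a web access log and a firewall log with a "FW-" prefix.
WEB_LOG = """\
203.0.113.5 - alice [29/Oct/2017:10:01:12 +0000] "POST /login HTTP/1.1" 200 512
198.51.100.9 - - [29/Oct/2017:10:02:03 +0000] "POST /login HTTP/1.1" 401 87
198.51.100.9 - - [29/Oct/2017:10:02:05 +0000] "POST /login HTTP/1.1" 401 87
198.51.100.9 - - [29/Oct/2017:10:02:08 +0000] "POST /login HTTP/1.1" 401 87
198.51.100.9 - bob [29/Oct/2017:10:02:11 +0000] "POST /login HTTP/1.1" 200 512
"""
FW_LOG = """\
Oct 29 10:00:50 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=22
Oct 29 10:00:51 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=23
Oct 29 10:03:00 gw kernel: FW-ACCEPT IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=443
"""

WEB_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \d+')
FW_RE = re.compile(
    r'^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ kernel: '
    r'(?P<action>FW-\w+) .*?SRC=(?P<ip>\S+) .*?DPT=(?P<dpt>\d+)')


def parse_web(text):
    """Access log lines -> event dicts with a timezone-aware timestamp."""
    events = []
    for line in text.splitlines():
        m = WEB_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            events.append({"ts": ts, "src": "web", "ip": m["ip"], "user": m["user"],
                           "status": int(m["status"]), "path": m["path"]})
    return events


def parse_firewall(text, year=2017):
    """Firewall log lines -> event dicts; syslog lines carry no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                                   "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
            events.append({"ts": ts, "src": "firewall", "ip": m["ip"],
                           "action": m["action"], "dpt": int(m["dpt"])})
    return events


def timeline_by_ip(*event_lists):
    """Merge events from all sources into one time-ordered list per source IP."""
    by_ip = defaultdict(list)
    for ev in itertools.chain(*event_lists):
        by_ip[ev["ip"]].append(ev)
    for evs in by_ip.values():
        evs.sort(key=lambda e: e["ts"])
    return dict(by_ip)


def flag_bruteforce_then_success(by_ip, min_failures=3):
    """IPs that failed /login at least min_failures times and then logged in, with earlier firewall drops counted."""
    findings = {}
    for ip, evs in by_ip.items():
        failures = 0
        for ev in evs:
            if ev["src"] != "web" or ev["path"] != "/login":
                continue
            if ev["status"] == 401:
                failures += 1
            elif ev["status"] == 200 and failures >= min_failures:
                drops = sum(1 for e in evs
                            if e["src"] == "firewall" and e["action"] == "FW-DROP" and e["ts"] < ev["ts"])
                findings[ip] = {"failed_logins": failures, "account": ev["user"], "prior_fw_drops": drops}
                break
    return findings


if __name__ == "__main__":
    timeline = timeline_by_ip(parse_web(WEB_LOG), parse_firewall(FW_LOG))
    print(flag_bruteforce_then_success(timeline))
```

The firewall log alone shows two dropped probes; the web log alone shows a login that eventually succeeded. Only the merged per-IP timeline shows that the same address probed the host, failed three times and then got into the "bob" account, which is the kind of result the aggregation function is meant to produce.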
NetIntercept
It collects network traffic and analyzes bundles of traffic.
It detects spoofing and generates a variety of reports from the results.
It stores a large amount of data at a time.
It is an example of a catch-it-as-you-can system.
NetIntercept allows its log files to be analyzed and inspected by
other tools.
NetIntercept Continued
Iris
It collects data packets from the Internet, reassembles them, and
reconstructs the actual text of the session.
It replays the network traffic to provide an audit trail of suspicious activity.
Iris Continued
NetworkMiner
Using its live sniffer, it captures network traffic, discovers host
names, and reassembles the network data.
It detects how much data an attacker has leaked.
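Both Iris ("reconstructs the actual text from the session") and NetworkMiner ("reassembles the network data") perform TCP stream reassembly on captured packets. The following Python code is an added example, not code from either product or from the slides: it reads a pcap file from memory with the standard library only, picks the IPv4/TCP segments out of each Ethernet frame, and rebuilds each flow's byte stream by ordering segments on sequence number and discarding bytes that a retransmission repeats. The capture it works on is constructed inside the block (addresses, ports and HTTP text are sample values, and checksums are left at zero since nothing here validates them).

```python
import struct
from collections import defaultdict

PCAP_GLOBAL = struct.Struct("<IHHiIII")   # magic, major, minor, thiszone, sigfigs, snaplen, linktype
PCAP_RECORD = struct.Struct("<IIII")      # ts_sec, ts_usec, incl_len, orig_len
ETH = struct.Struct("!6s6sH")
IPV4 = struct.Struct("!BBHHHBBH4s4s")     # fixed 20-byte IPv4 header
TCP = struct.Struct("!HHIIBBHHH")         # fixed 20-byte TCP header
LINKTYPE_ETHERNET = 1


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def read_pcap(data: bytes):
    """Yield (timestamp, frame) for each record of a little-endian pcap held in memory."""
    magic, *_rest, linktype = PCAP_GLOBAL.unpack_from(data, 0)
    if magic != 0xA1B2C3D4 or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian Ethernet pcap")
    off = PCAP_GLOBAL.size
    while off + PCAP_RECORD.size <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = PCAP_RECORD.unpack_from(data, off)
        off += PCAP_RECORD.size
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def parse_tcp(frame: bytes):
    """Return ((src, sport, dst, dport), seq, payload) for an IPv4/TCP frame, else None."""
    _dst, _src, ethertype = ETH.unpack_from(frame, 0)
    if ethertype != 0x0800:
        return None
    ip_off = ETH.size
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = IPV4.unpack_from(frame, ip_off)
    if ver_ihl >> 4 != 4 or proto != 6:
        return None
    tcp_off = ip_off + (ver_ihl & 0x0F) * 4
    sport, dport, seq, _ack, data_off, _flags, _win, _csum2, _urg = TCP.unpack_from(frame, tcp_off)
    payload = frame[tcp_off + (data_off >> 4) * 4: ip_off + total_len]
    return (ip_str(src), sport, ip_str(dst), dport), seq, payload


def reassemble_streams(pcap_bytes: bytes):
    """Order each TCP flow's segments by sequence number; drop bytes a retransmission repeats."""
    segments = defaultdict(dict)                      # flow -> {seq: payload}
    for _ts, frame in read_pcap(pcap_bytes):
        parsed = parse_tcp(frame)
        if parsed and parsed[2]:
            flow, seq, payload = parsed
            segments[flow].setdefault(seq, payload)   # first copy of a segment wins
    streams = {}
    for flow, segs in segments.items():
        out, expected = bytearray(), None
        for seq in sorted(segs):
            chunk = segs[seq]
            if expected is not None and seq < expected:   # overlaps data already emitted
                chunk = chunk[expected - seq:]
            out += chunk                                   # gaps (seq > expected) are not marked here
            expected = max(expected or 0, seq + len(segs[seq]))
        streams[flow] = bytes(out)
    return streams


def _segment(src_ip, sport, dst_ip, dport, seq, payload):
    """Constructed IPv4/TCP frame for the sample capture; checksums are left at zero."""
    tcp = TCP.pack(sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = IPV4.pack(0x45, 0, IPV4.size + len(tcp), 1, 0, 64, 6, 0, src_ip, dst_ip) + tcp
    return ETH.pack(b"\x00" * 6, b"\x00" * 6, 0x0800) + ip


def make_sample_pcap() -> bytes:
    """Constructed capture: a request split in two segments arriving out of order, a retransmission, the reply."""
    client, server = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9])
    req = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    resp = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"
    frames = [
        _segment(client, 40000, server, 80, 1020, req[20:]),   # second half arrives first
        _segment(client, 40000, server, 80, 1000, req[:20]),
        _segment(client, 40000, server, 80, 1000, req[:20]),   # retransmission of the first half
        _segment(server, 80, client, 40000, 5000, resp),
    ]
    out = bytearray(PCAP_GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for i, frame in enumerate(frames):
        out += PCAP_RECORD.pack(1509271200 + i, 0, len(frame), len(frame)) + frame
    return bytes(out)


if __name__ == "__main__":
    for flow, data in reassemble_streams(make_sample_pcap()).items():
        print(flow, data.decode("latin-1"))
```

Reading the file with an explicit endianness check matters because the same four magic bytes in the other byte order (0xD4C3B2A1) mean the record headers must be read big-endian. The reassembly keeps the first copy of a retransmitted segment; a production tool also has to decide what to do when a retransmission carries different bytes than the original, which is one of the classic IDS-evasion cases and is exactly the situation where evidence from two tools can disagree.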
NetworkMiner Continued
Other Tools
NetDetector
It captures the attack, integrates signature-based anomaly detection,
and reconstructs the session.
This tool imports and exports data through HTTP, FTP and SCP.
It supports network interfaces such as T1 and FDDI and protocols such
as TCP/IP.
NetDetector captures, analyzes and reports on network traffic.
SilentRunner
This tool focuses on insider threats; it captures, analyzes and
visualizes the network in three dimensions to monitor every packet
passing through it.
If any abnormality occurs on the network, it raises an alert.
It also reconstructs security incidents in their exact sequence.
Network security and online network traffic monitoring tools
TCPDump
It runs on the command line; it captures, analyzes, displays, and
stores network data. The main function of this tool is to filter and
collect data.
Wireshark and Savant
This tool is used to analyze network packets. It performs live data
capture and offline analysis, and it reads and writes data in the
different formats used by other tools.
Ngrep
It is used for debugging low-level network traffic on UNIX. The
function of this tool is to filter and collect data.
Network forensics challenges
High speed data transmission
The high data rate of network traffic creates difficulties for network
forensics in capturing and preserving all network packets. Millions of
packets are transmitted over the network in no time, passing through
thousands of interconnected network devices.
To overcome these problems, three different kinds of solution have
been proposed: hardware-based, software-based and distributed
solutions.
Data storage on the network devices
A huge amount of data is transmitted over the network, which is
captured and analyzed for investigation. However, such volumes of data
complicate the retrieval of evidence from the network. For instance,
the captured data needs to be stored on devices with large storage
capacity, whereas the storage capacity of the network interconnection
devices is limited.
Data integrity
Data integrity plays a vital role in the process of network forensics
and has to be addressed. Data integrity in the network is the ability
to keep the data accurate, complete, and consistent.
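The practical form of the integrity requirement is that an investigator must be able to show a capture has not changed since it was collected and that the record of collection has not been edited. The following Python code is an added example (not from the slides or from any of the tools discussed) of the usual mechanism: a hash-chained evidence log in which each entry commits to the SHA-256 digest of one capture file, a note, and the hash of the previous entry, plus a verifier that reports the first entry at which either the chain or a capture no longer matches. The capture contents, file names and notes are constructed sample data.

```python
import copy
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def append_record(chain: list, artifact_name: str, artifact: bytes, note: str) -> dict:
    """Append an entry whose hash covers the artifact digest, the note and the previous entry's hash."""
    prev = chain[-1]["entry_hash"] if chain else "0" * 64
    body = {"artifact": artifact_name, "artifact_sha256": sha256_hex(artifact), "note": note, "prev": prev}
    entry = {**body, "entry_hash": sha256_hex(json.dumps(body, sort_keys=True).encode())}
    chain.append(entry)
    return entry


def verify_chain(chain: list, artifacts: dict):
    """Return (True, None) if every link and artifact digest still matches, else (False, first bad index)."""
    prev = "0" * 64
    for i, entry in enumerate(chain):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if body.get("prev") != prev:
            return False, i                       # link to the previous entry is broken
        if sha256_hex(json.dumps(body, sort_keys=True).encode()) != entry["entry_hash"]:
            return False, i                       # the entry itself was edited
        current = artifacts.get(entry["artifact"])
        if current is None or sha256_hex(current) != entry["artifact_sha256"]:
            return False, i                       # the capture changed (or vanished) since it was logged
        prev = entry["entry_hash"]
    return True, None


def build_sample_chain():
    """Constructed captures and a two-entry chain over them (sample data, not real evidence)."""
    captures = {"sensorA.pcap": b"\xd4\xc3\xb2\xa1 constructed capture one",
                "sensorB.pcap": b"\xd4\xc3\xb2\xa1 constructed capture two"}
    chain = []
    append_record(chain, "sensorA.pcap", captures["sensorA.pcap"], "collected from sensor A, 2017-10-29")
    append_record(chain, "sensorB.pcap", captures["sensorB.pcap"], "collected from sensor B, 2017-10-29")
    return chain, captures


def tamper_scenarios():
    """Verification results for an intact chain, a modified capture, and an edited log entry."""
    chain, captures = build_sample_chain()
    modified = dict(captures, **{"sensorB.pcap": captures["sensorB.pcap"] + b"\x00"})
    edited = copy.deepcopy(chain)
    edited[0]["note"] = "collected from sensor C"   # edited without recomputing the entry hash
    return {
        "intact": verify_chain(chain, captures),
        "modified_capture": verify_chain(chain, modified),
        "edited_entry": verify_chain(edited, captures),
    }


if __name__ == "__main__":
    for name, result in tamper_scenarios().items():
        print(f"{name}: {result}")
```

The chain only proves that the log is internally consistent with the current files; someone who controls both the files and the log can rewrite everything. That is why the head hash is normally also anchored somewhere the investigator cannot change after the fact (a signed timestamp, a printed record, a write-once store), and why the hash of a capture is recorded at the moment of collection rather than when the analysis begins.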
Data privacy
Data privacy is an important factor in the investigation process of
network forensics. A forensic attribution solution has been proposed
to solve this problem of user privacy. A forensic investigator can
view the data of interest by verifying the packet signature, which
enforces forensic attribution in the network.
Access to IP addresses
Access to the source IP address of an intruder is an important step in
network forensics. The source IP address indicates the origin of the
attack, which assists in identifying the intruder and stopping the
attacks.
Data extraction location
The distributed nature and virtualized characteristics of networks
complicate the identification of the appropriate location and device
for extracting the data. A network with thousands of devices connected
to each other through high-speed data links transmitting millions of
packets per second is difficult to handle at each of its links and
devices.
Intelligent network forensic tools
Current network forensic analysis tools capture and record network
traffic by targeting complete packets.
Such tools suffer from the problem of storing huge volumes of data
with long time delays.
An intelligent network forensic tool is required that captures the
network traffic of choice depending on the investigative situation.
For instance, it could capture only the session data for a domain of
interest, and then record, analyze, and visualize that data. This
will reduce the storage problem, the computational resources needed
for the investigation, bandwidth utilization and time delays, and
result in quick incident response in real-time situations.
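The selective capture described here is the stop-look-and-listen strategy from the Fundamental slide applied per session: instead of deciding packet by packet, the tool decides once per flow whether the flow belongs to a domain of interest and then keeps or discards every packet of that flow, including the handshake packets that arrived before the decision could be made. The following Python code is an added example, not from the slides or from any tool named in them, that runs both strategies over the same constructed traffic and reports how many packets and bytes each one stores. Packets are simplified records (addresses, ports, sizes and the HTTP Host value are constructed), and the retention limit for undecided flows is an assumed parameter.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    size: int                     # bytes on the wire
    host: Optional[str] = None    # HTTP Host header carried by this packet, if any (constructed field)

    def flow(self):
        """Direction-agnostic 5-tuple so both halves of a session share one key."""
        a, b = (self.src, self.sport), (self.dst, self.dport)
        return (a, b) if a <= b else (b, a)


class CatchItAsYouCan:
    """Store every packet that passes the capture point."""
    def __init__(self):
        self.stored = []

    def offer(self, pkt):
        self.stored.append(pkt)


class StopLookAndListen:
    """Store only packets of flows tied to a domain of interest; buffer a flow's first packets until known."""
    def __init__(self, domains, pending_limit=3):
        self.domains = set(domains)
        self.pending_limit = pending_limit        # assumed: packets buffered before giving up on a flow
        self.stored = []
        self.pending = defaultdict(list)          # flow -> packets seen before any Host header
        self.decision = {}                        # flow -> True (retain) / False (discard)

    def offer(self, pkt):
        key = pkt.flow()
        if key in self.decision:
            if self.decision[key]:
                self.stored.append(pkt)
            return
        if pkt.host is not None:                  # the "look" step: decide the whole flow
            keep = pkt.host in self.domains
            self.decision[key] = keep
            buffered = self.pending.pop(key, [])
            if keep:
                self.stored.extend(buffered)      # handshake packets retained retroactively
                self.stored.append(pkt)
            return
        buffered = self.pending[key]
        buffered.append(pkt)
        if len(buffered) > self.pending_limit:    # no Host header in time (e.g. non-HTTP): drop the flow
            self.decision[key] = False
            self.pending.pop(key)


def sample_packets():
    """Constructed traffic: three flows, only the first of which talks to the domain of interest."""
    def http_session(client, cport, server, host):
        return [
            Packet(client, cport, server, 80, 60), Packet(server, 80, client, cport, 60),
            Packet(client, cport, server, 80, 60), Packet(client, cport, server, 80, 200, host=host),
            Packet(server, 80, client, cport, 1500),
        ]
    pkts = http_session("10.0.0.5", 40000, "192.0.2.10", "example.test")
    pkts += http_session("10.0.0.6", 40001, "192.0.2.11", "other.test")
    pkts += [Packet("10.0.0.7", 40002, "192.0.2.12", 443, 60)] * 6   # TLS-like flow, no Host visible
    return pkts


def run_policies(packets, domains=("example.test",)):
    """Return {policy: (packets stored, bytes stored)} for both strategies on the same traffic."""
    full, selective = CatchItAsYouCan(), StopLookAndListen(domains)
    for pkt in packets:
        full.offer(pkt)
        selective.offer(pkt)
    return {
        "catch_it_as_you_can": (len(full.stored), sum(p.size for p in full.stored)),
        "stop_look_and_listen": (len(selective.stored), sum(p.size for p in selective.stored)),
    }


if __name__ == "__main__":
    print(run_policies(sample_packets()))
```

The saving is the point of the slide, but the example also shows the cost: the third flow carries no Host header, so the selective policy discards it after a few packets, and with encrypted traffic the "look" step would have to rely on something else (such as the TLS server name or DNS answers) to decide. Whatever is discarded can never be recovered later, which is why the retention rule itself belongs in the case record.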
Conclusion and future directions
The development of intelligent network forensic tools that focus on
specific types of network traffic analysis is a challenge for the
future. This will reduce time delays and computational resource
requirements, minimize attacks, provide reliable and secure evidence,
and enable efficient investigation with minimum effort.
Moreover, network forensics for the distributed networks of cloud
computing and mobile cloud computing needs to be explored.
