A Model Based Approach for the Extraction of Network Forensic Artifacts

Izzat Alsmadi, Mamoun Alazab

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper published in Proceedings › Research › peer-review

Abstract

Forensic analysts typically search through a large volume of data in different locations looking for possible evidence. The process can be very tedious and time consuming. Automating the process of searching for possible evidence can be very useful, even if only as an initial stage before further deep human or manual analysis. Toward this goal, we developed a tool to automate extracting forensic artifacts from network resources. We evaluated the tool using artifacts of network packets and switch memory dumps. We found out that there is a need to balance between customization and the level of detail or accuracy that such tools can produce. This means that it will be impractical to develop a one-for-all tool, or else such a tool will be very large, complex and possibly inefficient.

Original language: English
Title of host publication: Proceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017
Editors: Ameer Al-Nemrat, Mamoun Alazab
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Pages: 16-18
Number of pages: 3
ISBN (Electronic): 9781538621431
DOIs: https://doi.org/10.1109/CCC.2017.13
Publication status: Published - 9 Jan 2018
Externally published: Yes
Event: 2017 Cybersecurity and Cyberforensics Conference, CCC 2017 - London, United Kingdom
Duration: 21 Nov 2017 to 23 Nov 2017

Publication series

Name: Proceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017
Volume: 2018-September

Conference

Conference: 2017 Cybersecurity and Cyberforensics Conference, CCC 2017
Country: United Kingdom
City: London
Period: 21/11/17 to 23/11/17

Fingerprint

Packet networks
Switches
Digital forensics
Data storage equipment
Customization
Network resources
Analysts

Cite this

Alsmadi, I., & Alazab, M. (2018). A Model Based Approach for the Extraction of Network Forensic Artifacts. In A. Al-Nemrat, & M. Alazab (Eds.), Proceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017 (pp. 16-18). (Proceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017; Vol. 2018-September). IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/CCC.2017.13
Alsmadi, Izzat ; Alazab, Mamoun. / A Model Based Approach for the Extraction of Network Forensic Artifacts. Proceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017. editor / Ameer Al-Nemrat ; Mamoun Alazab. IEEE, Institute of Electrical and Electronics Engineers, 2018. pp. 16-18 (Proceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017).
@inproceedings{e60bcd4b4e48402ba9888814fea5c738,
title = "A Model Based Approach for the Extraction of Network Forensic Artifacts",
abstract = "Forensic analysts typically search through a large volume of data in different locations looking for possible evidence. The process can be very tedious and time consuming. Automating the process of searching for possible evidence can be very useful, even if only as an initial stage before further deep human or manual analysis. Toward this goal, we developed a tool to automate extracting forensic artifacts from network resources. We evaluated the tool using artifacts of network packets and switch memory dumps. We found out that there is a need to balance between customization and the level of detail or accuracy that such tools can produce. This means that it will be impractical to develop a one-for-all tool, or else such a tool will be very large, complex and possibly inefficient.",
keywords = "Network Forensics, Software Defined Networking, Switch forensics",
author = "Izzat Alsmadi and Mamoun Alazab",
year = "2018",
month = "1",
day = "9",
doi = "10.1109/CCC.2017.13",
language = "English",
series = "Proceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017",
publisher = "IEEE, Institute of Electrical and Electronics Engineers",
pages = "16--18",
editor = "Ameer Al-Nemrat and Mamoun Alazab",
booktitle = "Proceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017",
address = "United States",

}

Alsmadi, I & Alazab, M 2018, A Model Based Approach for the Extraction of Network Forensic Artifacts. in A Al-Nemrat & M Alazab (eds), Proceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017. Proceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017, vol. 2018-September, IEEE, Institute of Electrical and Electronics Engineers, pp. 16-18, 2017 Cybersecurity and Cyberforensics Conference, CCC 2017, London, United Kingdom, 21/11/17. https://doi.org/10.1109/CCC.2017.13

A Model Based Approach for the Extraction of Network Forensic Artifacts. / Alsmadi, Izzat; Alazab, Mamoun.

Proceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017. ed. / Ameer Al-Nemrat; Mamoun Alazab. IEEE, Institute of Electrical and Electronics Engineers, 2018. p. 16-18 (Proceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017; Vol. 2018-September).


TY - GEN

T1 - A Model Based Approach for the Extraction of Network Forensic Artifacts

AU - Alsmadi, Izzat

AU - Alazab, Mamoun

PY - 2018/1/9

Y1 - 2018/1/9

N2 - Forensic analysts typically search through a large volume of data in different locations looking for possible evidence. The process can be very tedious and time consuming. Automating the process of searching for possible evidence can be very useful, even if only as an initial stage before further deep human or manual analysis. Toward this goal, we developed a tool to automate extracting forensic artifacts from network resources. We evaluated the tool using artifacts of network packets and switch memory dumps. We found out that there is a need to balance between customization and the level of detail or accuracy that such tools can produce. This means that it will be impractical to develop a one-for-all tool, or else such a tool will be very large, complex and possibly inefficient.

AB - Forensic analysts typically search through a large volume of data in different locations looking for possible evidence. The process can be very tedious and time consuming. Automating the process of searching for possible evidence can be very useful, even if only as an initial stage before further deep human or manual analysis. Toward this goal, we developed a tool to automate extracting forensic artifacts from network resources. We evaluated the tool using artifacts of network packets and switch memory dumps. We found out that there is a need to balance between customization and the level of detail or accuracy that such tools can produce. This means that it will be impractical to develop a one-for-all tool, or else such a tool will be very large, complex and possibly inefficient.

KW - Network Forensics

KW - Software Defined Networking

KW - Switch forensics

UR - http://www.scopus.com/inward/record.url?scp=85050499221&partnerID=8YFLogxK

U2 - 10.1109/CCC.2017.13

DO - 10.1109/CCC.2017.13

M3 - Conference Paper published in Proceedings

T3 - Proceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017

SP - 16

EP - 18

BT - Proceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017

A2 - Al-Nemrat, Ameer

A2 - Alazab, Mamoun

PB - IEEE, Institute of Electrical and Electronics Engineers

ER -

Alsmadi I, Alazab M. A Model Based Approach for the Extraction of Network Forensic Artifacts. In Al-Nemrat A, Alazab M, editors, Proceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017. IEEE, Institute of Electrical and Electronics Engineers. 2018. p. 16-18. (Proceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017). https://doi.org/10.1109/CCC.2017.13