Analysis of firewall log-based detection scenarios for evidence in digital forensics

Rabiu Mukhtar, A. Al-Nemrat, Mamoun Alazab, Sitalakshmi Venkatraman, Hamid Jahankhani

Research output: Contribution to journalArticleResearchpeer-review

Abstract

With the recent escalating rise in cybercrime, firewall logs have attained much research focus in assessing their capability to serve as excellent evidence in digital forensics. Even though the main aim of firewalls is to screen or filter part or all network traffic, firewall logs could provide rich traffic information that could be used as evidence to prove or disprove the occurrence of online attack events for legal purposes. Since courts have a definition of what could be presented to it as evidence, this research investigates on the determinants for the acceptability of firewall logs as suitable evidence. Two commonly used determinants are tested using three different firewall-protected network scenarios. These determinants are: 1 admissibility that requires the evidence to satisfy certain legal requirements stipulated by the courts 2 weight that represents the sufficiency and extent to which the evidence convinces the establishment of cybercrime attack.

Original languageEnglish
Pages (from-to)261-279
Number of pages19
JournalInternational Journal of Electronic Security and Digital Forensics
Volume4
Issue number4
DOIs
Publication statusPublished - Oct 2012
Externally publishedYes

Fingerprint

scenario
evidence
determinants
research focus
Digital forensics
traffic
event

Cite this

Mukhtar, Rabiu ; Al-Nemrat, A. ; Alazab, Mamoun ; Venkatraman, Sitalakshmi ; Jahankhani, Hamid. / Analysis of firewall log-based detection scenarios for evidence in digital forensics. In: International Journal of Electronic Security and Digital Forensics. 2012 ; Vol. 4, No. 4. pp. 261-279.
@article{68ab41d029944d01b0e0080109304f36,
title = "Analysis of firewall log-based detection scenarios for evidence in digital forensics",
abstract = "With the recent escalating rise in cybercrime, firewall logs have attained much research focus in assessing their capability to serve as excellent evidence in digital forensics. Even though the main aim of firewalls is to screen or filter part or all network traffic, firewall logs could provide rich traffic information that could be used as evidence to prove or disprove the occurrence of online attack events for legal purposes. Since courts have a definition of what could be presented to it as evidence, this research investigates on the determinants for the acceptability of firewall logs as suitable evidence. Two commonly used determinants are tested using three different firewall-protected network scenarios. These determinants are: 1 admissibility that requires the evidence to satisfy certain legal requirements stipulated by the courts 2 weight that represents the sufficiency and extent to which the evidence convinces the establishment of cybercrime attack.",
keywords = "cybercrime, Digital evidence, Firewall log, Forensic analysis",
author = "Rabiu Mukhtar and A. Al-Nemrat and Mamoun Alazab and Sitalakshmi Venkatraman and Hamid Jahankhani",
year = "2012",
month = "10",
doi = "10.1504/IJESDF.2012.049761",
language = "English",
volume = "4",
pages = "261--279",
journal = "International Journal of Electronic Security and Digital Forensics",
issn = "1751-911X",
publisher = "Inderscience Enterprises Ltd",
number = "4",

}

Analysis of firewall log-based detection scenarios for evidence in digital forensics. / Mukhtar, Rabiu; Al-Nemrat, A.; Alazab, Mamoun; Venkatraman, Sitalakshmi; Jahankhani, Hamid.

In: International Journal of Electronic Security and Digital Forensics, Vol. 4, No. 4, 10.2012, p. 261-279.

Research output: Contribution to journalArticleResearchpeer-review

TY - JOUR

T1 - Analysis of firewall log-based detection scenarios for evidence in digital forensics

AU - Mukhtar, Rabiu

AU - Al-Nemrat, A.

AU - Alazab, Mamoun

AU - Venkatraman, Sitalakshmi

AU - Jahankhani, Hamid

PY - 2012/10

Y1 - 2012/10

N2 - With the recent escalating rise in cybercrime, firewall logs have attained much research focus in assessing their capability to serve as excellent evidence in digital forensics. Even though the main aim of firewalls is to screen or filter part or all network traffic, firewall logs could provide rich traffic information that could be used as evidence to prove or disprove the occurrence of online attack events for legal purposes. Since courts have a definition of what could be presented to it as evidence, this research investigates on the determinants for the acceptability of firewall logs as suitable evidence. Two commonly used determinants are tested using three different firewall-protected network scenarios. These determinants are: 1 admissibility that requires the evidence to satisfy certain legal requirements stipulated by the courts 2 weight that represents the sufficiency and extent to which the evidence convinces the establishment of cybercrime attack.

AB - With the recent escalating rise in cybercrime, firewall logs have attained much research focus in assessing their capability to serve as excellent evidence in digital forensics. Even though the main aim of firewalls is to screen or filter part or all network traffic, firewall logs could provide rich traffic information that could be used as evidence to prove or disprove the occurrence of online attack events for legal purposes. Since courts have a definition of what could be presented to it as evidence, this research investigates on the determinants for the acceptability of firewall logs as suitable evidence. Two commonly used determinants are tested using three different firewall-protected network scenarios. These determinants are: 1 admissibility that requires the evidence to satisfy certain legal requirements stipulated by the courts 2 weight that represents the sufficiency and extent to which the evidence convinces the establishment of cybercrime attack.

KW - cybercrime

KW - Digital evidence

KW - Firewall log

KW - Forensic analysis

UR - http://www.scopus.com/inward/record.url?scp=84867750846&partnerID=8YFLogxK

U2 - 10.1504/IJESDF.2012.049761

DO - 10.1504/IJESDF.2012.049761

M3 - Article

VL - 4

SP - 261

EP - 279

JO - International Journal of Electronic Security and Digital Forensics

JF - International Journal of Electronic Security and Digital Forensics

SN - 1751-911X

IS - 4

ER -