A Model Based Approach for the Extraction of Network Forensic Artifacts

Izzat Alsmadi*, Mamoun Alazab

*Corresponding author for this work

    Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

    3 Citations (Scopus)

    Abstract

    Forensic analysts typically search through a large volume of data in different locations looking for possible evidence. The process can be very tedious and time consuming. Automating the search for possible evidence can be very useful, even if only as an initial stage before deeper human or manual analysis. Toward this goal, we developed a tool to automate extracting forensic artifacts from network resources. We evaluated the tool using artifacts of network packets and switch memory dumps. We found that there is a need to balance customization against the level of detail or accuracy that such tools can produce. This means that it is impractical to develop a one-for-all tool, or else such a tool would be very large, complex and possibly inefficient.

    Original language: English
    Title of host publication: Proceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017
    Editors: Ameer Al-Nemrat, Mamoun Alazab
    Publisher: Institute of Electrical and Electronics Engineers Inc.
    Pages: 16-18
    Number of pages: 3
    ISBN (Electronic): 9781538621431
    Publication status: Published - 1 Jul 2017
    Event: 2017 Cybersecurity and Cyberforensics Conference, CCC 2017 - London, United Kingdom
    Duration: 21 Nov 2017 to 23 Nov 2017

    Publication series

    Name: Proceedings - 2017 Cybersecurity and Cyberforensics Conference, CCC 2017
    Volume: 2018-September

    Conference

    Conference: 2017 Cybersecurity and Cyberforensics Conference, CCC 2017
    Country/Territory: United Kingdom
    City: London
    Period: 21/11/17 to 23/11/17
