Exploring user requirements of network forensic tools

Kousik Barik, Saptarshi Das, Karabi Konar, Bipasha Chakrabarti Banik, Archita Banerjee
Global Transitions Proceedings, vol. 2, no. 2, pp. 350-354, published 2021-11-01 (journal article). DOI: 10.1016/j.gltp.2021.08.043. Publisher page: https://www.sciencedirect.com/science/article/pii/S2666285X21000716
Citations: 5

Abstract

Network forensic tools enable security professionals to monitor network performance and detect compromises. These tools are used to monitor both internal and external network attacks. Technological improvements have enabled criminals to wipe out the tracks of cybercrime in order to elude alterations. Network forensics procedures expedite investigation by tracking each original packet and event generated in the network. Many network forensic tools, both open source and commercial, are available in the market. In this work, the results of a survey of experts in open source network forensic tools are presented. The advantages, challenges, and necessities of such tools for network forensic investigation are identified. A few open source network forensic tools are studied and compared on six key parameters. Further, two malware datasets are analyzed using open source tools to perform an investigation and present a comprehensive network forensic analysis comprising IO graphs, flow graphs, TCP streams, UDP multicast streams, MAC-based analysis, and operating system analysis.
