TY - GEN
T1 - An improved approach towards network forensic investigation of HTTP and FTP protocols
AU - Manesh, T.
AU - Brijith, B.
AU - Singh, Mahendra Prathap
PY - 2011/9/14
Y1 - 2011/9/14
N2 - Network packet analysis and reconstruction of network sessions are more sophisticated processes in any network forensic and analysis system. Here we introduce an integrated technique which can be used for inspecting, reordering and reconstructing the contents of packets in a network session as part of a forensic investigation. Network analysts should be able to observe the stored packet information when a suspicious activity is reported and should collect adequate supporting evidence from stored packet information by recreating the original data/files/messages sent/received by each user. Thus suspicious user activities can be found by monitoring the packets offline. So we need an efficient method for reordering packets and reconstructing the files or documents to execute a forensic investigation and to create the necessary evidence against any network crime. The proposed technique can be used for content-level analysis of packets passing through the network based on the HTTP and FTP protocols, and it reports deceptive network activities in the enterprise for forensic analysis.
AB - Network packet analysis and reconstruction of network sessions are more sophisticated processes in any network forensic and analysis system. Here we introduce an integrated technique which can be used for inspecting, reordering and reconstructing the contents of packets in a network session as part of a forensic investigation. Network analysts should be able to observe the stored packet information when a suspicious activity is reported and should collect adequate supporting evidence from stored packet information by recreating the original data/files/messages sent/received by each user. Thus suspicious user activities can be found by monitoring the packets offline. So we need an efficient method for reordering packets and reconstructing the files or documents to execute a forensic investigation and to create the necessary evidence against any network crime. The proposed technique can be used for content-level analysis of packets passing through the network based on the HTTP and FTP protocols, and it reports deceptive network activities in the enterprise for forensic analysis.
UR - http://www.scopus.com/inward/record.url?eid=2-s2.0-80054813095&partnerID=MN8TOARS
U2 - 10.1007/978-3-642-24037-9_38
DO - 10.1007/978-3-642-24037-9_38
M3 - Conference contribution
SN - 9783642240362
T3 - Communications in Computer and Information Science
SP - 385
EP - 292
BT - Advances in Parallel Distributed Computing
PB - Springer Berlin
CY - Berlin
ER -