ForNet: A Distributed Network Forensics System
- Nasir Memon | Computer Science Department, Polytechnic University, New York
In this talk we argue that the current methodologies for collecting evidence to support network forensics neither scale to large networks nor retain evidence long enough to be useful. We then explore the idea of storing evidence in the form of "synopses" in order to relax storage constraints and to increase the longevity of collected evidence. Synopses reduce raw network traffic to succinct forms, so that the information useful for postmortems can be stored for prolonged periods of time at a small fraction of the cost of retaining full packet captures. Furthermore, we propose an architecture for a system, called ForNet, that collects and disseminates the necessary evidence to support postmortems of security incidents.
We discuss the design and implementation of a prototype of the proposed architecture. ForNet is currently deployed at Polytechnic University and monitors network traffic around the clock. Finally, we demonstrate the feasibility of using synopses and ForNet in postmortems of security incidents by analyzing some events at the University.
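To make the synopsis idea concrete, the following is an added example and not ForNet's code or the speakers' own design. It assumes one particular synopsis form, a Bloom filter over connection tuples (source, destination, destination port), and uses constructed flow records rather than real traffic. It shows the trade the abstract describes: the synopsis is an order of magnitude smaller than the raw records and never forgets a connection that was inserted, but it can report connections that never happened, so a positive answer from a synopsis is a lead to be corroborated, not proof on its own.

```python
import hashlib
import json
import math

# Constructed sample connection records for the example; these are not real captures.
SAMPLE_FLOWS = [
    {"src": f"10.1.{i // 256}.{i % 256}", "dst": "192.0.2.10",
     "dport": 22 if i % 7 == 0 else 443}
    for i in range(5000)
]


def flow_key(flow):
    """Canonical string for the connection attributes the synopsis retains.
    Everything else about the packets (payload, timing, sizes) is dropped."""
    return f'{flow["src"]}>{flow["dst"]}:{flow["dport"]}'


class BloomSynopsis:
    """Fixed-size set summary: answers 'was this connection seen?' with no
    false negatives and a false-positive rate set by bits_per_item."""

    def __init__(self, n_items, bits_per_item=10):
        self.m = max(8, n_items * bits_per_item)                          # bits in the array
        self.k = max(1, round(self.m / max(1, n_items) * math.log(2)))    # optimal hash count
        self.bits = bytearray((self.m + 7) // 8)
        self.count = 0

    def _positions(self, key):
        # k independent positions derived from one keyed hash per index.
        for i in range(self.k):
            digest = hashlib.sha256(f"{i}:{key}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, key):
        for pos in self._positions(key):
            self.bits[pos >> 3] |= 1 << (pos & 7)
        self.count += 1

    def may_contain(self, key):
        # True if every position is set: certain for inserted keys,
        # occasionally (falsely) true for keys never inserted.
        return all(self.bits[pos >> 3] & (1 << (pos & 7)) for pos in self._positions(key))

    def size_bytes(self):
        return len(self.bits)

    def expected_fp_rate(self):
        # Standard Bloom filter estimate: (1 - e^(-kn/m))^k
        return (1 - math.exp(-self.k * self.count / self.m)) ** self.k


def build_synopsis(flows, bits_per_item=10):
    syn = BloomSynopsis(len(flows), bits_per_item)
    for flow in flows:
        syn.add(flow_key(flow))
    return syn


def raw_size_bytes(flows):
    """Size of the same records kept verbatim as JSON, for comparison."""
    return len(json.dumps(flows).encode())


def measured_fp_rate(syn, absent_keys):
    """Fraction of never-inserted keys the synopsis wrongly reports as seen."""
    hits = sum(syn.may_contain(k) for k in absent_keys)
    return hits / len(absent_keys)


if __name__ == "__main__":
    syn = build_synopsis(SAMPLE_FLOWS)
    print("raw bytes:", raw_size_bytes(SAMPLE_FLOWS), "synopsis bytes:", syn.size_bytes())
    print("10.1.0.0 -> 192.0.2.10:22 seen?", syn.may_contain("10.1.0.0>192.0.2.10:22"))
    absent = [f"172.16.{i // 256}.{i % 256}>192.0.2.10:443" for i in range(2000)]
    print("expected FP rate:", round(syn.expected_fp_rate(), 4),
          "measured:", measured_fp_rate(syn, absent))
```

Raising bits_per_item lowers the false-positive rate at a linear cost in storage; lowering it lets the same disk hold evidence for proportionally longer. Whatever the setting, an investigator querying such a synopsis should treat a hit as a hypothesis to confirm against other records, because the dropped attributes cannot be recovered from the synopsis.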
Jeff Running