dfm covers
 
 

Using Network Intrusion Detection Systems to Acquire Evidence

Written by DFMag


Using Network Intrusion Detection Systems to Acquire Evidence

An important digital forensics process related to security hacking incidents is to collect information from log meta data that are stored in network firewalls, network intrusion detection systems (NIDS), databases, web servers and operation systems. However, the main problem with these logs is that they are designed for debugging systems and that they are often lacking capability for forensics purposes. This leads to the collection of incomplete information about the attack and the attacker for further investigation. The problem is further compounded by the inability of NIDS to collect complete data sets when workloads increase. Our research assessed the value of NIDS for evidential purposes in different environments and with different NIDS products. We concluded that there are complexities that require management and technical capabilities that require improvement before a NIDS can provide adequate evidence for legal purposes. Many current uses of NIDS result in incremental changes in security systems but often fall short of tracking offenders and retaining robust evidence. Therefore, there is a need for new techniques to help address the problem and to improve the quality and efficiency of the evidence collection.




Find out more - subscribe to DFM today and read the full article. Or if you're a subscriber, login and read the article online.


 
Please make cache directory writable.
 

Submit an Article

Call for Articles

We are keen to publish new articles from all aspects of digital forensics. Click to contact us with your completed article or article ideas.

Featured Book

Learning iOS Forensics

A practical hands-on guide to acquire and analyse iOS devices with the latest forensic techniques and tools.

Meet the Authors

Noemi Kuncik

Noemi Kuncik is an IT Forensics Specialist at Grant Thornton

 

Coming up in the Next issue of Digital Forensics Magazine

Coming up in Issue 39 on sale from February 2019:


Making Sense of Digital Forensic International Standards

To many the complexity of Standards, their numbering and obscure contents fail to make practical sense and confuse the entry points for effective use. A roadmap is provided in this paper for Standard information access and optimal use. Read More »

Evidentiary Challenges: Social media, the Dark Web, and Admissibility

This article takes a look at two categories of remote evidence: social media, and the dark web. We will also examine two interesting cases: The Target store credit card breach; and the civil case of Fero v Excellus Health Plan, Inc. Read More »

Subscribe today


Vehicle Data Forensics on Unsupported Systems

The article will help readers understand how to approach a vehicle from a digital forensics’ perspective, it will cover a range of infotainment units from popular manufacturers, data extraction methods and examples of data types found which may be considered intelligence and or used as digital evidence. Read More »

Every Issue
Plus the usual Competition, Book Reviews, 360, IRQ, Legal

Click here to read more about the next issue