Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

INTRUSION DETECTION AS A NETWORK FORENSIC TOOL

advertisement 
INTRUSION DETECTION AS A NETWORK FORENSIC TOOL
Lecture by Peter Stephenson, CPE, PCE
Director of Technology, Netigy Corporation, San Jose, California
PhD Research Student, Oxford Brooks University, Oxford, UK
ABSTRACT: The concepts of intrusion detection and forensic analysis often are not considered together,
even though the intrusion detection system (IDS) is the most likely candidate for gathering information
useful in tracing and analyzing a network-based computer security incident. From the standpoint of the
security practitioner, the primary use for the IDS is detection and response. To extend that to include
forensic analysis of the event implies going outside the parameters of most intrusion detection systems.
Contrary to that belief, however, is the obvious concept that, when an event occurs, there is a high
probability that the IDS will be the only thing watching the network in significant enough detail to capture
the event and any precursor events in their entirety. Thus, the application of the output of an IDS to the
investigation and potential prosecution of an attack against computers on a network is of interest both to
practitioners and to researchers.
This lecture will discuss the details of intrusion detection systems in the context of their use as investigative
tools, fundamentals of forensic computer analysis and network forensic analysi,s and some potential
methods of combining techniques to enable investigation and prosecution of computer-related crime.
Specific topics to be covered include:









Intrusion detection system architectures
Application of forensic computer analysis
Current network forensic analysis techniques
Legal requirements for the use of forensic evidence
Using forensics for system recovery (operational forensics)
Examination of an IDS suitable for use in forensic analysis of attacks
Problems and challenges in the forensic application of intrusion detection
Current research
Future research opportunities
The lecture will include demonstrations of the SNORT intrusion detection system and its use as an analysis
tool and the enCase forensic computer analysis tool.
The following will assist in preparing the attendee for this lecture:





A reasonable understanding of the SNORT intrusion detection system (http://www.snort.org several papers)
“Know Your Enemy: Statistics” – the Honeynet Project (http://project.honeynet.org/)
Intrusion Detection – Amoroso
“Know Your Enemy: A Forensic Analysis” - – the Honeynet Project
(http://project.honeynet.org/)
“Defeating Sniffers and Intrusion Detection Systems” Phrack Magazine Volume 8, Issue 54 Dec
25th, 1998, article 10 of 12
A detailed lecture topic listing may be obtained by e-mailing peter.Stephenson@netigy.com.
Related documents
Advanced Placement Biology - Montville Township School District
Advanced Placement Biology - Montville Township School District
forensic outline
forensic outline
A Data Driven Framework for Attribution and Correlation in Intrusion
A Data Driven Framework for Attribution and Correlation in Intrusion
Qualifying Digital Forensic Practitioners as Expert
Qualifying Digital Forensic Practitioners as Expert
Laboratory/Physical Sciences This is a provisional appointment
Laboratory/Physical Sciences This is a provisional appointment
Forensic Visualization
Forensic Visualization
DEPARTMENT OF MANAGEMENT SERVICES For Reference Only
DEPARTMENT OF MANAGEMENT SERVICES For Reference Only
Wildlife Forensics
Wildlife Forensics
Yr 9 Forensics Curric Overview
Yr 9 Forensics Curric Overview
Forensic Scientist – Forensic Biology
Forensic Scientist – Forensic Biology
International Journal of Application or Innovation in Engineering & Management... Web Site: www.ijaiem.org Email: Volume 4, Issue 6, June 2015
International Journal of Application or Innovation in Engineering & Management... Web Site: www.ijaiem.org Email: Volume 4, Issue 6, June 2015
MANDIANT Network Traffic Analysis
MANDIANT Network Traffic Analysis
Auralization of Intrusion Detection System using
Auralization of Intrusion Detection System using
Coordinated Topic Presentations for Information Systems Core
Coordinated Topic Presentations for Information Systems Core
Download
advertisement