Intrusion Detection

INTRUSION DETECTION AS A NETWORK FORENSIC TOOL
Lecture by Peter Stephenson, CPE, PCE
Director of Technology, Netigy Corporation, San Jose, California
PhD Research Student, Oxford Brookes University, Oxford, UK

ABSTRACT: The concepts of intrusion detection and forensic analysis are often not considered together, even though the intrusion detection system (IDS) is the most likely source of the information needed to trace and analyze a network-based computer security incident. From the security practitioner's standpoint, the primary use of an IDS is detection and response; extending that to forensic analysis of the event means going beyond what most intrusion detection systems were designed to do.

Against that belief, however, stands the obvious point that when an event occurs, the IDS is very likely to be the only thing watching the network in enough detail to capture the event, and any precursor events, in their entirety. The application of IDS output to the investigation and potential prosecution of an attack against networked computers is therefore of interest to both practitioners and researchers.

This lecture will discuss the details of intrusion detection systems in the context of their use as investigative tools, the fundamentals of forensic computer analysis and network forensic analysis, and some potential methods of combining these techniques to enable the investigation and prosecution of computer-related crime.

Specific topics to be covered include:

• Intrusion detection system architectures
• Application of forensic computer analysis
• Current network forensic analysis techniques
• Legal requirements for the use of forensic evidence
• Using forensics for system recovery (operational forensics)
• Examination of an IDS suitable for use in forensic analysis of attacks
• Problems and challenges in the forensic application of intrusion detection
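The abstract's central claim is that IDS output, which already records the attack and its precursor events, can be turned into investigative material. The following is an added illustration of that idea, not code from the lecture or from any IDS product: it hashes a raw alert log before anything is filtered (so the extract can be tied back to an unaltered source copy), parses the alerts, and builds a timeline of precursor and follow-on events around one alert of interest. The alert lines are constructed for the example in a Snort-like "fast" alert layout; the parser assumes that layout, and the year is assumed because the layout carries none. Rule IDs, addresses and messages are invented.

```python
"""Build an incident timeline from IDS alert output and preserve it as evidence.

Added illustration for the abstract above; not code from the lecture or from any
IDS product. The alert lines are constructed in a Snort-like "fast" alert layout;
the parser assumes that layout and nothing about a real sensor's exact format.
"""
import hashlib
import re
from datetime import datetime, timedelta

# Constructed sample alerts (not real captures). Addresses are RFC 5737 documentation ranges.
SAMPLE_ALERTS = """\
03/14-09:58:02.100000  [**] [1:1000001:1] RECON ICMP echo sweep [**] [Priority: 3] {ICMP} 203.0.113.7 -> 192.0.2.10
03/14-10:01:15.250000  [**] [1:1000002:1] SCAN SYN portscan [**] [Priority: 2] {TCP} 203.0.113.7:51234 -> 192.0.2.10:22
03/14-10:03:40.000000  [**] [1:1000009:1] WEB-MISC unrelated probe [**] [Priority: 3] {TCP} 198.51.100.4:40000 -> 192.0.2.10:80
03/14-10:05:07.500000  [**] [1:1000003:1] EXPLOIT SSH brute-force attempt [**] [Priority: 1] {TCP} 203.0.113.7:51300 -> 192.0.2.10:22
03/14-10:06:30.000000  [**] [1:1000004:1] POLICY outbound shell to unknown host [**] [Priority: 1] {TCP} 192.0.2.10:39000 -> 203.0.113.7:4444
"""

# Assumed layout: "<ts>  [**] [gid:sid:rev] <msg> [**] ... {proto} src[:port] -> dst[:port]"
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)


def _split_endpoint(endpoint):
    """'10.0.0.1:22' -> ('10.0.0.1', 22); a bare address -> (addr, None)."""
    host, sep, port = endpoint.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return endpoint, None


def parse_alerts(text, year=2024):
    """Parse fast-style alert lines into dicts, oldest first. The year is an
    assumption: the layout carries none, so a real extract takes it from the sensor."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue  # skip, do not abort: one malformed line must not lose the rest
        ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
        src_ip, src_port = _split_endpoint(m["src"])
        dst_ip, dst_port = _split_endpoint(m["dst"])
        alerts.append({
            "ts": ts, "sid": int(m["sid"]), "msg": m["msg"], "proto": m["proto"],
            "src_ip": src_ip, "src_port": src_port,
            "dst_ip": dst_ip, "dst_port": dst_port, "raw": line,
        })
    return sorted(alerts, key=lambda a: a["ts"])


def related_events(alerts, anchor, before=timedelta(minutes=15), after=timedelta(minutes=15)):
    """Return (precursors, anchor, follow_ons) around an alert of interest.

    An event is related if it involves the anchor's source address in either
    direction (so a connection back out to the attacker is kept) and lies inside
    the time window. Other hosts and out-of-window events are dropped.
    """
    attacker = anchor["src_ip"]
    lo, hi = anchor["ts"] - before, anchor["ts"] + after
    pre, post = [], []
    for a in alerts:
        if a is anchor or attacker not in (a["src_ip"], a["dst_ip"]):
            continue
        if lo <= a["ts"] < anchor["ts"]:
            pre.append(a)
        elif anchor["ts"] < a["ts"] <= hi:
            post.append(a)
    return pre, anchor, post


def find_by_sid(alerts, sid):
    return [a for a in alerts if a["sid"] == sid]


def evidence_digest(text):
    """SHA-256 of the raw alert log, taken before any filtering, so the extracted
    timeline can be tied back to an unaltered source copy (chain of custody)."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def build_report(text, anchor_sid):
    """Hash the source first, then extract the timeline around the first alert with anchor_sid."""
    alerts = parse_alerts(text)
    anchor = find_by_sid(alerts, anchor_sid)[0]
    pre, anchor, post = related_events(alerts, anchor)
    return {
        "source_sha256": evidence_digest(text),
        "timeline": [a["raw"] for a in pre + [anchor] + post],
        "precursor_sids": [a["sid"] for a in pre],
        "follow_on_sids": [a["sid"] for a in post],
    }


if __name__ == "__main__":
    report = build_report(SAMPLE_ALERTS, anchor_sid=1000003)
    print("source sha256:", report["source_sha256"])
    for line in report["timeline"]:
        print(line)
```

Two points the extract depends on: the digest is computed over the source copy before any filtering, so the filtered timeline never becomes the only record, and the match on the attacker's address in either direction is what keeps the outbound connection back to the attacker, which a source-address-only filter would miss. Such an extract is only as complete as the sensor's placement and rule set, and the sensor's clock and time zone must be documented before the timestamps are relied on.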
