Affiliation:
1. Australian Federal Police College, Australia
Abstract
Network forensics is a powerful sub-discipline of digital forensics. This chapter examines innovations in forensic network acquisition, and in particular in the attribution of network sources behind network address translated (NAT) gateways. A novel algorithm for automatically attributing traffic to different sources is presented and then demonstrated. Finally, we discuss some innovations in the decoding of forensic network captures. We illustrate how webmail can be extracted and rendered, and in particular give the example of Gmail as a modern AJAX-based webmail provider of forensic significance.