A Method for Solving Problems in Acquiring Communication Logs on End Hosts

Author:

Fukuta Youji (1), Shiraishi Yoshiaki (2), Hirotomo Masanori (3), Mohri Masami (1)

Affiliation:

1. Faculty of Science and Engineering, Cyber Informatics Research Institute, Kindai University, Higashiosaka 577-8502, Japan

2. Graduate School of Engineering, Kobe University, Kobe 657-8501, Japan

3. Faculty of Science and Engineering, Saga University, Saga 840-8502, Japan

Abstract

Collecting evidence of activities and events on network devices raises problems of log content and log storage, and we aim to solve the problems that network devices face in network forensics. In this paper, we propose a simple method for solving the content and storage problems in acquiring communication logs on end hosts, implement a sniffing tool that captures raw packets under communication event control, compare it with existing tools, and conduct experiments and discuss the results. Through these experiments and discussion, we confirmed that the proposed communication log acquisition method can be implemented on the end host, and that the problems can be solved by using a tool that implements the proposed method. We also confirmed that the method can be applied to real-world communication log collection scenarios, and that it can coexist with existing systems and tools that collect communication logs.

Funder

Ministry of Internal Affairs and Communications

Publisher

MDPI AG

