dc.contributor.advisor | Sarkar, Nurul
dc.contributor.author | Ammann, Roman
dc.date.accessioned | 2012-09-16T20:49:48Z
dc.date.available | 2012-09-16T20:49:48Z
dc.date.copyright | 2012
dc.date.created | 2012
dc.date.issued | 2012-09-17
dc.identifier.uri | http://hdl.handle.net/10292/4605
dc.description.abstract | A computer network is considered forensically ready when crucial evidence for a forensic investigation is proactively collected and easily available. While the benefits of a forensically ready network are well understood, the exact information that must be collected to achieve forensic readiness is largely unknown. This thesis focuses on identifying and locating the information that is essential for successful forensic investigations in an IPv6 network. Without the knowledge of what information should be retained, the approach to achieving forensic readiness is likely to be unstructured and crucial information for an investigation might be missed. This study conducted an empirical investigation to identify and extract forensic information from network protocol standards and related literature. Malicious and genuine network scenarios were run and retraced in a test bed to elicit the information that is significant for a forensic investigation. The network scenarios were grouped by network layer and the layers were processed bottom-up to resolve dependencies of the higher layers on the lower layers. A subset of network scenarios was exclusively used to ascertain the effectiveness of the identified information (hold-out approach). This thesis identifies the information in an IPv6 network that is relevant for a successful forensic investigation. Further, the thesis also proposes an optimisation phase as an extension of the National Institute of Standards and Technology (NIST) forensic life-cycle. This phase allows forensic readiness to be improved further through the identification of missing information after conducting a forensic investigation in the network. Finally, design and deployment strategies for implementing a forensically ready network are outlined and recommendations are made for mastering key issues related to forensic readiness. | en_NZ
dc.language.iso | en | en_NZ
dc.publisher | Auckland University of Technology
dc.subject | Network forensics | en_NZ
dc.subject | Forensic readiness | en_NZ
dc.subject | IPv6 | en_NZ
dc.subject | Bottom-up approach | en_NZ
dc.title | Network Forensic Readiness: a bottom-up approach for IPv6 networks | en_NZ
dc.type | Thesis
thesis.degree.grantor | Auckland University of Technology
thesis.degree.level | Masters Theses
thesis.degree.name | Master of Forensic Information Technology | en_NZ
thesis.degree.discipline
dc.rights.accessrights | OpenAccess
dc.date.updated | 2012-09-14T22:22:33Z