Show simple item record

dc.contributor.advisorCusack, Brian
dc.contributor.authorCoad, Bryce Antony
dc.date.accessioned2017-05-31T01:56:31Z
dc.date.available2017-05-31T01:56:31Z
dc.date.copyright2017
dc.date.created2017
dc.identifier.urihttp://hdl.handle.net/10292/10496
dc.description.abstractThe acceptability of evidence in court is dependent upon stringent criteria for its admissibility. One of the leading guidelines is the Daubert criteria which asserts five requirements for admissibility. These criteria assert scientific principles that must be complied. The focus on the scientific testing of Digital Forensics tools is often glossed over by accepting commonly used proprietary tools without delving into their performance. In particular, Daubert states that the known error rates of a scientific procedure must be published, and that the scientific procedures must be independently tested. In this thesis, I am concerned about the satisfaction of Daubert’s key points when collecting digital forensic information that is evidentially sound: • The scientific procedure must be independently tested. • The scientific procedure should be published and subjected to peer review. • Are there standards and protocols for the execution of the methodology of the scientific procedure? • Is the scientific procedure generally accepted by the relevant scientific communities • Is there a known error rate or potential to know the error rate associated with the use of the scientific procedure (Daubert v. Merrell Dow Pharmaceuticals, 1993) Without known error rates and falsifiability criterion, digital evidence should not be in courtrooms. In this thesis the relevant literature and conceptual scope of the problem is explored theoretically, and then network tools tested empirically. The thesis is an initial investigation into whether there are error rates above zero when a network tool is used for evidence collection. The contribution is to both the digital forensic investigation community as well as to the law practitioners and judicial profession by demonstrating a potential problem with network forensic data. The performance of two tools was tested by subjecting them to increasing packet loads and measuring their performance. The results were then measured against the baseline of expected outputs and the differences noted. These differences were then used to generate an error rate in the form of a percentage. As part of the methodology the assertion was that, the tools would perform without error. Therefore, the research question is: Research Question: Can the Network Management System and the Network Packet Capture tool, achieve zero errors for digital forensic purposes? Thus, the research goal of this thesis is to determine whether a computer system can capture relevant information systematically and comprehensively for post incident forensic presentation that complies with legal requirements of completeness. The findings demonstrated that the popular network tools selected had significant error rates that are not published. The error margins indicate that a large number of packets that are potentially evidential are lost as the work rate increases. This will in turn affect the validity of data presented as evidential. I recommend that the concepts developed within this thesis be expanded and codified through future research. That a professionally accepted assertion test bench be developed and test case methodology procedures formulated. Thus, transference can be assured, where tools tested under many scenarios through many assertion tests can provide an acceptable level of assurance. Therefore, the desired outcome is that error rates can be determined by the forensic examiner as a standard part of digital network forensic readiness and provided along with evidential data.en_NZ
dc.language.isoenen_NZ
dc.publisherAuckland University of Technology
dc.subjectDigital Forensicsen_NZ
dc.subjectForensic Readinessen_NZ
dc.subjectNetwork Forensic Tool Error Ratesen_NZ
dc.subjectLegal Forensic Evidence Requirementsen_NZ
dc.titleNetwork Packet Management Optimisation for Business Forensic Readinessen_NZ
dc.typeThesis
thesis.degree.grantorAuckland University of Technology
thesis.degree.levelMasters Theses
thesis.degree.nameMaster of Information Security and Digital Forensicsen_NZ
dc.rights.accessrightsOpenAccess
dc.date.updated2017-05-29T02:15:35Z


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record