Repository logo
 

Network Forensic Readiness: A Bottom-Up Approach for IPv6 Networks

Files

Whole thesis(1.49 MB)

Date

2012

Authors

Supervisor

Sarkar, Nurul

Item type

Thesis

Degree name

Master of Forensic Information Technology

Journal Title

Journal ISSN

Volume Title

Publisher

Auckland University of Technology

Abstract

A computer network is considered forensically ready, when crucial evidence for a forensic investigation is proactively collected and easily available. While the benefits of a forensically ready network are well understood, the exact information required to be collected to achieve forensic readiness is largely unknown. This thesis focuses on identifying and locating the information that is essential for successful forensic investigations in an IPv6 network. Without the knowledge of what information should be retained, the approach to achieving forensic readiness is likely to be unstructured and crucial information for an investigation might be missed. This study conducted an empirical investigation to identify and extract forensic information from network protocol standards and related literature. Malicious and genuine network scenarios were run and retraced in a test bed to elicit the information that is significant for a forensic investigation. The network scenarios were grouped by network layer and the layers were processed bottom-up to resolve dependencies of the higher layers on the lower layers. A subset of network scenarios was exclusively used to ascertain the effectiveness of the identified information (hold-out approach). This thesis identifies the information in an IPv6 network that is relevant for a successful forensic investigation. Further, the thesis also proposes an optimisation phase as an extension of the National Institute of Standards and Technology (NIST) forensic life-cycle. This phase allows to improve the forensic readiness further through the identification of missing information after conducting a forensic investigation in the network. Finally, design and deployment strategies for implementing a forensically ready network are outlined and recommendations are made for mastering key issues related to forensic readiness.

Description

Keywords

Network forensics, Forensic readiness, IPv6, Bottom-up approach

Source

DOI

Publisher's version

Rights statement

Permanent link

https://hdl.handle.net/10292/4605

Collections

Masters Theses