Sciweavers

AUSFORENSICS
2003

Design of a Network-Access Audit Log for Security Monitoring and Forensic Investigation

14 years 25 days ago
Design of a Network-Access Audit Log for Security Monitoring and Forensic Investigation
An attempt at determining the source of anomalous network traffic may result in the identification of the networked system where it originated. From a forensic point of view it is almost impossible to positively identify the application or the user behind the application that generated the traffic. Many users may have been using the networked system and there remains the possibility of network traffic generation by Trojan horses. We propose a network-access log that bridges the gap between system event logs and network monitoring by extending event logging on individual hosts with information pertaining to generation of network traffic. The key contribution of the proposed network access audit log is the establishment of the chain of evidence linking the outgoing traffic to its source thereby improving the network security of an intranet. Keywords Security Monitoring, Forensic Investigation, Network Monitoring, Event Log.
Atif Ahmad, Tobias Ruighaver
Added 31 Oct 2010
Updated 31 Oct 2010
Type Conference
Year 2003
Where AUSFORENSICS
Authors Atif Ahmad, Tobias Ruighaver
Comments (0)