Sciweavers

DI
2006

A portable network forensic evidence collector

14 years 15 days ago
A portable network forensic evidence collector
A small portable network forensic evidence collection device is presented which is built using inexpensive embedded hardware and open source software. The device oers several modes of operation for dierent live network evidence collection scenarios involving single network nodes. This includes the use of promiscuous packet capturing to enhance evidence collection from remote network sources, such as websites or other remote services. It operates at the link layer allowing the device to be transparently inserted inline between a network node and the rest of a network. It is simple to deploy, requiring no recon guration of the node or surrounding network infrastructure. The device can be precon gured in the forensics lab, and deployment delegated to sta not speci cally trained in forensics. Details of the architecture, construction and operation are described. Special attention is given to information security aspects of live network evidence collection.
Bruce J. Nikkel
Added 11 Dec 2010
Updated 11 Dec 2010
Type Journal
Year 2006
Where DI
Authors Bruce J. Nikkel
Comments (0)