Authors
Ahmad Roshidi Amran, Amna Saad
Publication date
2014/1/17
Conference
2014 World Congress on Computer Applications and Information Systems (WCCAIS)
Pages
1-9
Publisher
IEEE
Description
With increasing crimes and attacks being committed online by adversaries from remote sites, it is vital for law enforcement and public security that forensics investigation into the nature and source of these network attacks be effective and successful in bringing the criminals to justice. The network forensics investigation process is complex and processing-intensive such as sifting through network traffic and examining them for evidence, thus it is desirable to approach this task systematically and efficiently with as much structure as is feasible. This paper proposes a model for network forensics analysis that captures appropriately defined adversarial capability and structured by a layered approach to investigation. The former approach eliminates the need to presume on the adversary's behaviour and is independent of specific attack styles, thus is generic; while the latter approach facilitates a more network-intuitive and …
Total citations
[Chart: citations per year, 2018–2023]