A Simple Framework for Distributed Forensics
Columbus, Ohio, USA, June 06-June 10
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICDCSW.2005.24
Second International Workshop on Secu ...
Yongping Tang, Iowa State University
Thomas E. Daniels, Iowa State University

Networks have become omnipresent in today's world and are part of the basic infrastructure. Security is an important and urgent problem for all network users, but the current situation in this field is severe: not only is it difficult to block network criminals, but in many cases it is impossible to identify them at all. There is a growing need for systems that allow not only the detection of complex attacks but also an after-the-fact understanding of what happened. Such an understanding can serve a forensic purpose or simply act as a managerial tool for recovering and repairing damaged systems.

Few network systems support forensic evidence collection, and those that exist also lack effective attack attribution. In this paper, we present a network forensics framework based on distributed techniques. It provides an integrated platform for automatic forensic evidence collection and efficient data storage, supports easy integration of known attribution methods and effective cooperation between components, and includes an attack attribution graph generation mechanism that illustrates the steps of an intrusion.

Index Terms:
Distributed Forensics System, Agent, Proxy, Attack Attribution Graph
Citation:
Yongping Tang, Thomas E. Daniels, "A Simple Framework for Distributed Forensics," icdcsw, vol. 2, pp.163-169, Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05), 2005