Difference between pages "Network forensics" and "Cell phone forensics bibliography"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m (added Tools:Logfile Analysis)
 
m
 
Line 1: Line 1:
'''Network forensics''' is the process of capturing information that moves over a [[network]] and trying to make sense of it in some kind of forensics capacity. A [[network forensics appliance]] is a device that automates this process.
+
==Academic Publications==
 +
; [http://www.waset.org/pwaset/v26/v26-6.pdf Data Acquisition from Cell Phone using Logical Approach], Keonwoo Kim, Dowon Hong, Kyoil Chung, and Jae-Cheol Ryou, PROCEEDINGS OF WORLD ACADEMY OF SCIENCE, ENGINEERING AND TECHNOLOGY VOLUME 26 DECEMBER 2007 ISSN 1307-6884
 +
: This article discusses three approaches for acquiring data from cell phones: physically removing the flash RAM chips and reading them directly; reading the data out using the [[JTAG]] interface, and running software on the cell phone to extract the files at a logical level. The authors have built a logical extraction system and are working on a system based on JTAG.
  
There are both open source and proprietary network forensics systems available.  
+
; [http://portal.acm.org/citation.cfm?id=1363257 Forensics for Korean cell phone], Keonwoo Kim, Dowon Hong and Kyoil Chung, Proceedings of the 1st international conference on Forensic applications and techniques in telecommunications, information, and multimedia and workshop, Adelaide, Australia, 2008.
  
== Open Source Network Forensics ==
+
; [http://www.ssddfj.org/papers/SSDDFJ_V2_1_Luck_Stokes.pdf An Integrated Approach to Recovering Deleted Files from NAND Flash Data], James Luck & Mark Stokes, SMALL SCALE DIGITAL DEVICE FORENSICS JOURNAL, VOL. 2, NO. 1, JUNE 2008 ISSN# 1941-6164
  
* [[Wireshark]]
+
==US Government Publications==
* [[Kismet]]
+
; [http://csrc.nist.gov/publications/nistpubs/800-101/SP800-101.pdf Guidelines on Cell Phone Forensics] (NIST SP 800-101), May 2007
* [[Snort]]
+
; [http://csrc.nist.gov/publications/nistir/nistir-7250.pdf Cell Phone Forensic Tools: An Overview and Analysis] (NISTIR 7250)
* [[OSSEC]]
+
; [http://csrc.nist.gov/publications/nistir/nistir-7100-PDAForensics.pdf PDA Forensic Tools: An Overview and Analysis] (NISTIR 7100)
* [[NetworkMiner]] is [http://sourceforge.net/projects/networkminer/ an open source Network Forensics Tool available at SourceForge].
+
* [[Xplico]] is an Internet/IP Traffic Decoder (NFAT). Protocols supported: [http://www.xplico.org/status.html HTTP, SIP, FTP, IMAP, POP, SMTP, TCP, UDP, IPv4, IPv6, ...].
+
  
== Commercial Network Forensics ==
 
===Deep-Analysis Systems===
 
* E-Detective [http://www.edecision4u.com/] [http://www.digi-forensics.com/home.html]
 
* Code Green Networks [http://www.codegreennetworks.com Content Inspection Appliance] - Passive monitoring and mandatory proxy mode. Easy to use Web GUI. Linux platform. Uses Stellent Outside In to access document content and metadata.
 
* ManTech International Corporation [http://www.netwitness.com/ NetWitness]
 
* Network Instruments [http://www.networkinstruments.com/]
 
* NIKSUN's [[NetDetector]]
 
* PacketMotion [http://www.packetmotion.com/]
 
* Sandstorm's [http://www.sandstorm.net/products/netintercept/ NetIntercept] - Passive monitoring appliance. Qt/X11 GUI. FreeBSD platform. Uses forensic parsers written by Sandstorm to access document content and metadata.
 
* Mera Systems [http://netbeholder.com/ NetBeholder]
 
  
===Flow-Based Systems===
+
[[Category:Bibliography]]
* Arbor Networks
+
* GraniteEdge Networks http://www.graniteedgenetworks.com/
+
* Lancope http://www.lancope.com/
+
* Mazu Networks http://www.mazunetworks.com/
+
 
+
===Hybrid Systems===
+
These systems combine flow analysis, deep analysis, and security event monitoring and reporting.
+
* Q1 Labs  http://www.q1labs.com/
+
 
+
== Tips and Tricks ==
+
 
+
* The time between two events triggered by an intruder (as seen in logfiles, for example) can be helpful. If it is very short, you can be pretty sure that the actions were performed by an automated script and not by a human user.
+
 
+
== See also ==
+
* [[Wireless forensics]]
+
* [[SSL forensics]]
+
* [[Tools:Network Forensics]]
+
* [[Tools:Logfile Analysis]]
+
 
+
[[Category:Network Forensics]]
+

Revision as of 20:17, 12 November 2008

Academic Publications

Data Acquisition from Cell Phone using Logical Approach, Keonwoo Kim, Dowon Hong, Kyoil Chung, and Jae-Cheol Ryou, PROCEEDINGS OF WORLD ACADEMY OF SCIENCE, ENGINEERING AND TECHNOLOGY VOLUME 26 DECEMBER 2007 ISSN 1307-6884
This article discusses three approaches for acquiring data from cell phones: physically removing the flash RAM chips and reading them directly; reading the data out using the JTAG interface, and running software on the cell phone to extract the files at a logical level. The authors have built a logical extraction system and are working on a system based on JTAG.
Forensics for Korean cell phone, Keonwoo Kim, Dowon Hong and Kyoil Chung, Proceedings of the 1st international conference on Forensic applications and techniques in telecommunications, information, and multimedia and workshop, Adelaide, Australia, 2008.
An Integrated Approach to Recovering Deleted Files from NAND Flash Data, James Luck & Mark Stokes, SMALL SCALE DIGITAL DEVICE FORENSICS JOURNAL, VOL. 2, NO. 1, JUNE 2008 ISSN# 1941-6164

US Government Publications

Guidelines on Cell Phone Forensics (NIST SP 800-101), May 2007
Cell Phone Forensic Tools: An Overview and Analysis (NISTIR 7250)
PDA Forensic Tools: An Overview and Analysis (NISTIR 7100)