Prof Bill Buchanan B.Buchanan@napier.ac.uk
Professor
Agent-based forensic investigations with an integrated framework.
Buchanan, William J; Graves, Jamie; Saliou, Lionel; Sebea, A L; Migas, Nikos
Authors
Jamie Graves
Lionel Saliou
A L Sebea
Nikos Migas
Abstract
Forensics investigations can be flawed for many reasons, such as that they can lack any real evidence of an incident. Also, it can be the case that the legal rights of an individual have been breached, or that the steps taken in the investigation cannot be verified. This paper outlines an integrated framework for both data gathering, using mobile and static agents, and the creation of a data gathering system which logs data in a verifiable and open way. Forensic information which is gathered over a network is often more verifiable than host-based data gathering. The framework for logging data for future investigations uses a formal approach where a forensics policy is defined, which is then compiled into an implementation which can run on agent systems, such as with SNMP agents, and IDS (Intrusion Detection System) agents. The paper also proposes a system which uses mobile and static agents to formalize the investigation process. This should produce investigations which can be verified, and which are programmed with the expertise of an investigator, and also contain legal and moral programming to constrain the limits of a forensic investigation.
Citation
Buchanan, W. J., Graves, J., Saliou, L., Sebea, A. L., & Migas, N. (2005). Agent-based forensic investigations with an integrated framework.
Conference Name | 4th European Conference of Information Warfare and Security |
---|---|
Start Date | Jul 11, 2005 |
End Date | Jul 12, 2005 |
Publication Date | 2005 |
Deposit Date | Dec 23, 2010 |
Publicly Available Date | Dec 23, 2010 |
Peer Reviewed | Peer Reviewed |
Keywords | Agents; mobile agents; intrusion detection; SNMP; integrated framework |
Public URL | http://researchrepository.napier.ac.uk/id/eprint/3953 |
Contract Date | Dec 23, 2010 |
Files
2005_eciw_forensic_agents_new.pdf
(297 Kb)
PDF
Publisher Licence URL
http://creativecommons.org/licenses/by-nc/4.0/