A Defensive Evidence Model: An Approach of Security Model for Storing Digital Evidence in Network Forensics
Network Forensics Investigators apply most of the network monitoring tools, such as Snort or WinPcap to monitor or identify potential evidence to be collected and stored. However, these tools are lack of protection mechanisms to keep the evidence safe as well as the rising issues of chain-of-custody...
| Main Authors: | , , |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
2012
|
| Subjects: | |
| Online Access: | http://umpir.ump.edu.my/id/eprint/3668/ http://umpir.ump.edu.my/id/eprint/3668/1/48ICoCSIM.pdf |
| Summary: | Network Forensics Investigators apply most of the network monitoring tools, such as Snort or WinPcap to monitor or identify potential evidence to be collected and stored. However, these tools are lack of protection mechanisms to keep the evidence safe as well as the rising issues of chain-of-custody that are not properly managed or addressed. Therefore, people with intentions may disrupt the collection process and tampered the contents of the stored evidence. Considering these issues, this paper proposes a Defensive Evidence Model (DEM) to manage the evidence collection processes as well as providing defensive measures to protecting the evidence. Features of DEM were adapted from four security models; Bell-LaPadula, Biba, Clark-Wilson and Goguen-Meseguer Model and integrated with the Forensics Investigation process. The assessment of DEM performed from two different aspects, first by analyzing the attack and second, evaluating the process through CIAA security requirements to determine the workability of the created model. |
|---|