Network Forensic Evidence Generation and Verification Scheme (NFEGVS)

Hyungseok Kim, Eunjin Kim, Seungmo Kang, Huy Kang Kim

Research output: Contribution to journal › Article

3 Citations (Scopus)

Abstract

One of the critical success factors of a cybercrime investigation is exact tracing back of the hacker's origin. However, criminals can easily modify or delete log files on victim machines. In addition, criminals can easily spoof the source IP address, so a network packet on its own cannot be strong evidence. This study proposes a scheme for network forensic evidence generation and verification. The proposed scheme can show the attacker's source location and guarantee the integrity of the address fields. It can also minimize the performance degradation of routers when generating forensic evidence, by using flow-based analysis of the evidence traffic.

Original language: English
Pages (from-to): 261-273
Number of pages: 13
Journal: Telecommunication Systems
Volume: 60
Issue number: 2
DOI: 10.1007/s11235-015-0028-3
Publication status: Published - 2015 Oct 28

Keywords

  • IP traceback
  • Network forensic
  • Network forensic evidence
  • Packet marking

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Cite this

Network Forensic Evidence Generation and Verification Scheme (NFEGVS). / Kim, Hyungseok; Kim, Eunjin; Kang, Seungmo; Kim, Huy Kang.

In: Telecommunication Systems, Vol. 60, No. 2, 28.10.2015, p. 261-273.

@article{f3ec6688c98942a691773622fddb5473,
title = "Network Forensic Evidence Generation and Verification Scheme (NFEGVS)",
abstract = "One of the critical success factors of the cybercrime investigation is exact tracing back of hacker’s origin. However, criminals can easily modify or delete log files on victim machines. In addition, criminals can easily modify the source IP address so that network packet cannot be a strong evidence because it is easily spoofed. This study suggests a scheme for network forensic evidence generation and verification. This proposed scheme can show the attacker’s source location and guarantee the integrity of address fields. This scheme also can minimize the performance degradation of routers when generating forensic evidence via flow-based evidence traffic analysis.",
keywords = "IP traceback, Network forensic, Network forensic evidence, Packet marking",
author = "Hyungseok Kim and Eunjin Kim and Seungmo Kang and Kim, {Huy Kang}",
year = "2015",
month = "10",
day = "28",
doi = "10.1007/s11235-015-0028-3",
language = "English",
volume = "60",
pages = "261--273",
journal = "Telecommunication Systems",
issn = "1018-4864",
publisher = "Springer Netherlands",
number = "2",

}

TY  - JOUR
T1  - Network Forensic Evidence Generation and Verification Scheme (NFEGVS)
AU  - Kim, Hyungseok
AU  - Kim, Eunjin
AU  - Kang, Seungmo
AU  - Kim, Huy Kang
PY  - 2015/10/28
Y1  - 2015/10/28
N2  - One of the critical success factors of the cybercrime investigation is exact tracing back of hacker’s origin. However, criminals can easily modify or delete log files on victim machines. In addition, criminals can easily modify the source IP address so that network packet cannot be a strong evidence because it is easily spoofed. This study suggests a scheme for network forensic evidence generation and verification. This proposed scheme can show the attacker’s source location and guarantee the integrity of address fields. This scheme also can minimize the performance degradation of routers when generating forensic evidence via flow-based evidence traffic analysis.
AB  - One of the critical success factors of the cybercrime investigation is exact tracing back of hacker’s origin. However, criminals can easily modify or delete log files on victim machines. In addition, criminals can easily modify the source IP address so that network packet cannot be a strong evidence because it is easily spoofed. This study suggests a scheme for network forensic evidence generation and verification. This proposed scheme can show the attacker’s source location and guarantee the integrity of address fields. This scheme also can minimize the performance degradation of routers when generating forensic evidence via flow-based evidence traffic analysis.
KW  - IP traceback
KW  - Network forensic
KW  - Network forensic evidence
KW  - Packet marking
UR  - http://www.scopus.com/inward/record.url?scp=84940452356&partnerID=8YFLogxK
UR  - http://www.scopus.com/inward/citedby.url?scp=84940452356&partnerID=8YFLogxK
U2  - 10.1007/s11235-015-0028-3
DO  - 10.1007/s11235-015-0028-3
M3  - Article
AN  - SCOPUS:84940452356
VL  - 60
SP  - 261
EP  - 273
JO  - Telecommunication Systems
JF  - Telecommunication Systems
SN  - 1018-4864
IS  - 2
ER  - 