ForNet

ForNet, the core of Project ForNet, is a distributed forensics network. It provides a scalable network-logging mechanism to support forensics over wide area networks. Like a traditional packet logger, ForNet records network traffic, and like a distributed intrusion detection system it can span multiple networks. That is where the similarities end. Unlike existing Network Forensic Analysis Tools (NFAT), ForNet aims to log network traffic without discrimination, so that the scope of a postmortem analysis is not limited by a priori decisions about what to log and what to discard. To make this feasible, ForNet transforms raw network data into succinct summaries that can be stored for a prolonged period (the payload-attribution work listed under Resources, for instance, keeps hierarchical Bloom filter digests of packet payloads rather than the payloads themselves). The long-term goal of Project ForNet is to build tools (both hardware and software) and techniques to reliably log and analyze network traffic, so as to support forensics and provide a platform for producing forensically sound evidence of cyber-crimes.
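To make the idea of a succinct, queryable summary concrete, here is an added example (not ForNet's own code) of a simplified hierarchical Bloom filter payload digest in the spirit of the CCS 2004 payload attribution paper listed under Resources: the payload is cut into fixed-size blocks, each block is inserted with its block offset, and aligned runs of 2, 4, 8, ... blocks are inserted at higher levels so that an excerpt must match consistently at every level. The block size, filter size, hash count, the candidate-offset bound and the brute-force scan over alignments and offsets in `query` are arbitrary choices made for this example, and the sample payloads are constructed, not captured traffic.

```python
import hashlib
from typing import List, Optional, Tuple


class BloomFilter:
    """Plain Bloom filter: m bits, k index functions derived from SHA-256."""

    def __init__(self, m_bits: int, k: int) -> None:
        self.m, self.k = m_bits, k
        self.bits = bytearray((m_bits + 7) // 8)

    def _indexes(self, item: bytes):
        for i in range(self.k):
            digest = hashlib.sha256(i.to_bytes(2, "big") + item).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, item: bytes) -> None:
        for idx in self._indexes(item):
            self.bits[idx >> 3] |= 1 << (idx & 7)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[idx >> 3] & (1 << (idx & 7)) for idx in self._indexes(item))


class HierarchicalBloomFilter:
    """Simplified HBF digest (example, not ForNet's implementation).

    Level 0 stores each block with its block offset; level l stores aligned
    runs of 2**l consecutive blocks with the run's starting offset.  Only the
    filter bits are kept.  max_level=0 degrades it to a plain block-based filter.
    """

    def __init__(self, block_size: int = 32, m_bits: int = 1 << 16, k: int = 4,
                 max_level: Optional[int] = None) -> None:
        self.bs = block_size
        self.bf = BloomFilter(m_bits, k)
        self.max_level = max_level

    @staticmethod
    def _key(level: int, offset: int, data: bytes) -> bytes:
        return level.to_bytes(1, "big") + offset.to_bytes(4, "big") + data

    def _blocks(self, data: bytes) -> List[bytes]:
        # Only complete blocks are used; a trailing partial block is dropped.
        return [data[i:i + self.bs] for i in range(0, len(data) - self.bs + 1, self.bs)]

    def _levels(self, n_blocks: int):
        level, span = 0, 1
        while span <= n_blocks and (self.max_level is None or level <= self.max_level):
            yield level, span
            level, span = level + 1, span * 2

    def insert_payload(self, payload: bytes) -> None:
        blocks = self._blocks(payload)
        for level, span in self._levels(len(blocks)):
            for start in range(0, len(blocks) - span + 1, span):
                self.bf.add(self._key(level, start, b"".join(blocks[start:start + span])))

    def _consistent(self, blocks: List[bytes], start: int) -> bool:
        # True if every aligned run inside the excerpt, at every level, is in the filter.
        n = len(blocks)
        for level, span in self._levels(n):
            g = -(-start // span) * span  # first run start >= start, aligned to span
            while g + span <= start + n:
                run = b"".join(blocks[g - start:g - start + span])
                if self._key(level, g, run) not in self.bf:
                    return False
                g += span
        return True

    def query(self, excerpt: bytes, max_offset: int = 64) -> Optional[Tuple[int, int]]:
        """Return (byte shift, block offset) of the first consistent placement, or None.
        Alignment and position of the excerpt are unknown, so both are scanned."""
        for shift in range(self.bs):
            blocks = self._blocks(excerpt[shift:])
            if not blocks:
                continue
            for start in range(max_offset):
                if self._consistent(blocks, start):
                    return shift, start
        return None


# Constructed sample payloads (not real captured traffic): 512 bytes = 16 blocks each.
PAYLOAD_A = bytes(range(256)) * 2
PAYLOAD_B = bytes(range(255, -1, -1)) * 2


def build_digests() -> Tuple[HierarchicalBloomFilter, HierarchicalBloomFilter]:
    """Digest both payloads into an HBF and into a level-0-only (block-based) filter."""
    hbf, bbf = HierarchicalBloomFilter(), HierarchicalBloomFilter(max_level=0)
    for payload in (PAYLOAD_A, PAYLOAD_B):
        hbf.insert_payload(payload)
        bbf.insert_payload(payload)
    return hbf, bbf


if __name__ == "__main__":
    hbf, bbf = build_digests()
    print("unaligned excerpt of A:", hbf.query(PAYLOAD_A[70:170]))  # (26, 3)
    forged = PAYLOAD_A[0:32] + PAYLOAD_B[32:64]  # block 0 of A glued to block 1 of B
    print("forged, block-based:", bbf.query(forged), "hierarchical:", hbf.query(forged))  # (0, 0) None
```

The forged excerpt is the case the hierarchy exists for: a filter that stores only individual blocks with their offsets accepts it, because each half really was seen at that offset, whereas the level-1 run check rejects it because the two blocks never appeared together in one payload.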
Sponsors:
Participants: Kurt Rosenfeld, Hervé Brönnimann, Joel Wein, Bill Hery, Miroslav Ponec, Paul Giura, Kulesh Shanmugasundaram, Nasir Memon
Resources:
- Highly Efficient Techniques for Network Forensics, 14th ACM Conference on Computer and Communications Security, 2007, Alexandria, Virginia
- Payload Attribution via Hierarchical Bloom Filters, 11th ACM Conference on Computer and Communications Security, 2004, Washington, DC
- Nabs: A System for Detecting Resource Abuses via Characterization of Flow Content Type, Annual Computer Security Applications Conference, 2004, Tucson, Arizona
- ForNet: A Distributed Forensics Network, The Second International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security, 2003, St. Petersburg, Russia
- ForNet: A Distributed Forensics Network (Talk), The Second International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security, 2003, St. Petersburg, Russia