Network Forensics: Analyzing Digital Evidence to Locate Worm Entry
Added on 2023/04/25

Running head: DIGITAL EVIDENCE ANALYSIS ON A NETWORK CHANNEL

DIGITAL EVIDENCE ANALYSIS ON A NETWORK CHANNEL
Name of the Student:
Name of the University:
Author Note:
Table of Contents
INTRODUCTION......................................................................................................................2
DISCUSSION............................................................................................................................2
Identification of chain of increased threat activity.................................................................2
Identification of increased threat activity between network ports and e-mail servers...........3
The role of timestamps in backtracking for source’s location...............................................3
CONCLUSION..........................................................................................................................4
Reference....................................................................................................................................6
INTRODUCTION
In the modern world of digitalization, networks are constantly being updated and upgraded for efficient use. Along with these benefits come the security risks that accompany them. One of the most damaging kinds of malware affecting a network is a worm. Worms spread over computer networks by consuming bandwidth, overloading web servers and delivering payloads that damage host computers. In the given problem, a worm has been observed infecting many enterprise networks on a continental scale. The network administrators are constantly performing real-time analysis to watch the worm travel across the network through the use of Network Forensic Analysis Tools (NFAT).
This study aims to discuss the identification of the area where increased threat activity has been noticed, the identification of increased activity with respect to network ports or e-mail servers, and the role of timestamps in backtracking to locate the entry point of the worm.
DISCUSSION
Identification of chain of increased threat activity
Network forensics deals with the monitoring, recording, capturing and analysis of the events on a network channel in order to discover information about the source and path of a security attack (Adeyemi, Razak & Azhan, 2013). Here, NFAT helps in monitoring the network events that may have had a significant impact through malware being dropped into the chain.
In network forensics, a dedicated software application is used to monitor a system or a network for threatening malicious attacks or policy violations. These IDS, and all the newer versions of DoS mitigation tools, use signature-based and anomaly-based steps to identify and report an attack (Kemmerer & Vigna, 2014). On the other hand, NFAT products are
programmed to capture and analyse all network traffic and provide tools for forensic analysis. While an IDS and similar tools flag a particular attack, an NFAT gives users the ability to isolate, replay and analyse an attack or a suspicious event (Joshi & Pilli, 2016). Based on the result, the bolstered network applies the corresponding defence mechanism.
In the current scenario, the administrators have the authority to use NFAT to watch the worm's journey across the network, since NFAT can record and analyse network traffic in a specified area. Hence, the administrators can monitor the worm's activity and take the necessary actions with respect to predicted future threats.
Identification of increased threat activity between network ports and e-mail servers
For content analysis (deep packet inspection), NFAT uses sophisticated algorithms and produces analyses of forensic items such as e-mails and documents. The algorithms produce a pattern that associates the sender and the receiver during the transmission of data in a network. In a scenario involving a worm, the administrator finds the evidence in the NFAT output, uses it to extract a duplicate image of the threat and analyses it further. The admin then investigates the e-mail servers and internet logs to create the final forensic report.
Data packets travel to and from numerous network ports associated with specific IP addresses, using the TCP or UDP transport layer protocols (Zhang, 2014). These ports are also vulnerable to worm attacks, but such activity can be identified by an IDS, which alerts the system about any security issue.
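The sender-to-receiver pattern described above, and the search for an increased rate of activity on a port or an e-mail server, can be made concrete on flow records. The following is an added example written for this report, not code from the report or from any NFAT product; the flow records are constructed, and the fan-out threshold, the window size and the spike factor are assumed tuning values that a real deployment would derive from its own baseline.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed flow records for this example (not taken from the report).
# Fields: UTC timestamp, sender, receiver, destination port, transport protocol.
FLOWS = [
    # Ordinary mail submissions to the e-mail server 10.0.9.2 on TCP/25.
    ("2023-04-01T09:00:01Z", "10.0.1.5", "10.0.9.2", 25, "TCP"),
    ("2023-04-01T09:00:40Z", "10.0.1.6", "10.0.9.2", 25, "TCP"),
    ("2023-04-01T09:01:15Z", "10.0.1.7", "10.0.9.2", 25, "TCP"),
    ("2023-04-01T09:01:50Z", "10.0.1.5", "10.0.9.2", 25, "TCP"),
    # Ordinary DNS lookups on UDP/53.
    ("2023-04-01T09:00:05Z", "10.0.1.5", "10.0.9.53", 53, "UDP"),
    ("2023-04-01T09:00:06Z", "10.0.1.6", "10.0.9.53", 53, "UDP"),
]
# One host, 10.0.1.23, contacting twelve distinct peers on the same port within seconds:
# the sender-to-receiver pattern that a worm probing for new hosts leaves in the flows.
FLOWS += [("2023-04-01T09:05:%02dZ" % i, "10.0.1.23", "10.0.2.%d" % (i + 1), 445, "TCP")
          for i in range(12)]
# The same host then pushes fifteen submissions to the mail server inside one minute.
FLOWS += [("2023-04-01T09:06:%02dZ" % (4 * i), "10.0.1.23", "10.0.9.2", 25, "TCP")
          for i in range(15)]


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def contact_pattern(flows):
    """Map each (sender, destination port) to the set of distinct receivers it reached."""
    pattern = defaultdict(set)
    for _, src, dst, dport, _ in flows:
        pattern[(src, dport)].add(dst)
    return pattern


def flag_fan_out(flows, threshold=8):
    """Senders that reached at least `threshold` distinct receivers on a single port.

    The threshold is an assumed tuning value; in practice it comes from a baseline of
    how many peers a normal host talks to on that port.
    """
    return sorted((src, dport, len(receivers))
                  for (src, dport), receivers in contact_pattern(flows).items()
                  if len(receivers) >= threshold)


def inbound_rate(flows, server, port, window_seconds=60):
    """Flows into server:port per fixed window, keyed by the window's start (epoch seconds)."""
    counts = defaultdict(int)
    for ts, _, dst, dport, _ in flows:
        if dst == server and dport == port:
            epoch = int(parse_ts(ts).timestamp())
            counts[epoch - epoch % window_seconds] += 1
    return dict(sorted(counts.items()))


def flag_rate_spikes(flows, server, port, window_seconds=60, factor=3.0):
    """Windows whose inbound count exceeds `factor` times the median window count."""
    counts = inbound_rate(flows, server, port, window_seconds)
    ordered = sorted(counts.values())
    if len(ordered) < 3:          # too few windows to call anything a spike
        return []
    median = ordered[len(ordered) // 2]
    return [(start, n) for start, n in counts.items() if n > factor * median]


def top_senders(flows, server, port, limit=3):
    """Who is responsible for the traffic into server:port, most active first."""
    return Counter(src for _, src, dst, dport, _ in flows
                   if dst == server and dport == port).most_common(limit)


if __name__ == "__main__":
    print("fan-out:", flag_fan_out(FLOWS))
    print("mail spikes:", flag_rate_spikes(FLOWS, "10.0.9.2", 25))
    print("top mail senders:", top_senders(FLOWS, "10.0.9.2", 25))
```

Two separate signals point at the same host: `flag_fan_out` reports 10.0.1.23 reaching twelve distinct receivers on port 445, and `flag_rate_spikes` reports the one-minute window in which the mail server's inbound rate jumps from two submissions to fifteen, with `top_senders` naming 10.0.1.23 as the source of that spike. Either signal alone can be a false alarm (a backup job also fans out; a mailing list also spikes), which is why the admin correlates ports, servers and senders before treating a host as the worm's carrier.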
The role of timestamps in backtracking for source's location
To minimise the IDS's false alarms, time and data stamps are kept synchronised across the network channel. Maintaining the integrity of the database that stores the information collected by the IDS and NFAT processes is an important subject.
However, the captured and analysed data from the NFAT and IDS permits the admin to understand the content, pattern and time sequence, and eventually the admin can decode the results to produce an efficient analysis (Raghavan, 2013). Pattern analysis provides the opening stage by establishing what normal network activity looks like, while content analysis provides the deep-packet inspection that maps out the source and receiver involved in the whole attack. Time-line sequencing analysis is an efficient procedure that determines the sequence of events and establishes a timeline as the investigation of the attack proceeds from event to event (Johnson, 2014).
During timestamp analysis, the administrator uses the NFAT because it extracts the required amount of data from the network devices to show the behaviour of events across the network, with the events always placed in chronological order (even though the data from each source may differ).
In an enterprise network, time stamps play an important role when a worm is involved in the threat activity. For an appropriate solution, the admin uses query functions to search for an increased rate of activity on servers and ports. During this process, the NFAT (if functioning properly) acts as an IDS.
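The timeline sequencing and backtracking described in this section depend on every source being placed on one clock first. The following is an added example written for this report, not code from the report or from any IDS or NFAT product. The events are constructed from three imaginary sources: an IDS sensor that logs in UTC, a mail server that logs in local time (+05:30), and a capture box whose clock is assumed to run 160 seconds slow. The "last inbound event before the host became active" rule for naming a probable infector is the example's own simplification.

```python
from datetime import datetime, timedelta, timezone

# Constructed events from three log sources (not from the report). Each source stamps
# time differently, which is why timestamps must be normalised before sequencing.
# Fields: source, raw timestamp exactly as that source logged it, sender, receiver, event type.
RAW_EVENTS = [
    ("ids-A",    "2023-04-01T09:05:02Z",      "10.0.1.23",   "10.0.2.4",  "worm-scan"),
    ("nfat-cap", "2023-04-01T09:02:20Z",      "10.0.1.23",   "10.0.2.1",  "worm-scan"),
    ("mail-1",   "2023-04-01 14:33:10 +0530", "203.0.113.7", "10.0.1.23", "attachment"),
    ("ids-A",    "2023-04-01T09:08:45Z",      "10.0.2.4",    "10.0.2.9",  "worm-scan"),
    ("nfat-cap", "2023-04-01T09:04:50Z",      "10.0.2.4",    "10.0.2.10", "worm-scan"),
]

# Assumed clock corrections, as an admin would measure them against an NTP reference:
# the capture box "nfat-cap" runs 160 s slow, so 160 s is added to its stamps.
CLOCK_SKEW = {
    "ids-A": timedelta(0),
    "mail-1": timedelta(0),            # correct clock, but logs in local time (+05:30)
    "nfat-cap": timedelta(seconds=160),
}
NO_CORRECTION = {source: timedelta(0) for source in CLOCK_SKEW}


def normalize(source, raw, skew=CLOCK_SKEW):
    """Parse a source's native timestamp, convert it to UTC and apply its clock correction."""
    if source == "mail-1":
        parsed = datetime.strptime(raw, "%Y-%m-%d %H:%M:%S %z")
    else:
        parsed = datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc) + skew[source]


def timeline(events, skew=CLOCK_SKEW):
    """All events on one corrected UTC clock, in chronological order."""
    rows = [(normalize(source, raw, skew), source, sender, receiver, what)
            for source, raw, sender, receiver, what in events]
    return sorted(rows, key=lambda row: row[0])


def is_internal(host):
    return host.startswith("10.")


def backtrack_entry(events, skew=CLOCK_SKEW):
    """Walk back from the most recently infected host to the worm's entry point.

    A host counts as infected from the first moment it *sends* worm activity; its
    probable infector is the sender of the last event that reached it before then
    (an assumed simplification). Returns (entry host, entry vector as
    (sender, event type, time) or None, hosts walked through).
    """
    ordered = timeline(events, skew)
    first_active = {}
    for t, _, sender, _, what in ordered:
        if what == "worm-scan" and sender not in first_active:
            first_active[sender] = t
    infector = {}
    for host, t_active in first_active.items():
        inbound = [row for row in ordered if row[3] == host and row[0] < t_active]
        if inbound:
            last = max(inbound, key=lambda row: row[0])
            infector[host] = (last[2], last[4], last[0])
    host = max(first_active, key=first_active.get)   # latest victim: start of the walk back
    chain = [host]
    while host in infector and is_internal(infector[host][0]):
        host = infector[host][0]
        chain.append(host)
    return host, infector.get(host), chain


if __name__ == "__main__":
    for t, source, sender, receiver, what in timeline(RAW_EVENTS):
        print(t.isoformat(), source, sender, "->", receiver, what)
    print("corrected:", backtrack_entry(RAW_EVENTS))
    print("uncorrected:", backtrack_entry(RAW_EVENTS, NO_CORRECTION))
```

With the corrections applied, the walk goes from 10.0.2.4 back to 10.0.1.23 and stops at the external mail sender, so the entry point is 10.0.1.23 and the entry vector is the e-mail attachment. Run with `NO_CORRECTION`, the slow capture clock makes 10.0.2.4 appear active before anything reached it, so the same procedure names the wrong host and finds no vector at all; this is the concrete reason the section insists on synchronised timestamps before the events are sequenced.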
CONCLUSION
From the above discussion, it can be concluded that network forensics guarantees a better response to any network-related attack. The use of NFAT provides the ability to track and narrow down the worm's journey across a network. It was noted that the attack was traced back to the source's location and nature. Malicious attacks are made visible through the use of these forensic tools. However, the user of the network connection has to be responsible enough to prevent themselves from being a
victim of such malicious attacks, as attacks are unpredictable and may turn into a disaster in no time.
Reference
Adeyemi, I. R., Razak, S. A., & Azhan, N. A. N. (2013). A review of current research in network forensic analysis. International Journal of Digital Crime and Forensics (IJDCF), 5(1), 1-26.
Johnson, C. W. (2014, September). Barriers to the use of intrusion detection systems in safety-critical applications. In International Conference on Computer Safety, Reliability, and Security (pp. 375-384).
Joshi, R. C., & Pilli, E. S. (2016). Network Forensics. In Fundamentals of Network Forensics (pp. 3-16).
Kemmerer, R. A., & Vigna, G. (2014). Intrusion detection: a brief history and overview. Computer, 35(4).
Raghavan, S. (2013). Digital forensic research: current state of the art. CSI Transactions on ICT, 1(1), 91-114.
Zhang, D. (2014). The utility of inconsistency in information security and digital forensics. In Recent trends in information reuse and integration (pp. 381-397).