PDCTA 2011: Advances in Parallel Distributed Computing, pp. 385-392
An Improved Approach towards Network Forensic Investigation of HTTP and FTP Protocols
Abstract
Network packet analysis and the reconstruction of network sessions are among the more involved processes in any network forensic and analysis system. Here we introduce an integrated technique for inspecting, reordering and reconstructing the contents of the packets in a network session as part of a forensic investigation. When suspicious activity is reported, network analysts should be able to examine the stored packet information and collect adequate supporting evidence from it by recreating the original data, files and messages sent and received by each user. Suspicious user activities can thus be found by examining the captured packets offline. An efficient method for reordering packets and reconstructing the files or documents they carry is therefore needed to carry out the forensic investigation and to produce the evidence required in any network crime. The proposed technique can be used for content-level analysis of packets passing through the network over the HTTP and FTP protocols, and it reports deceptive network activities in the enterprise for forensic analysis.
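The reordering and reconstruction step the abstract describes can be illustrated with a small TCP stream reassembler. The code below is an added example and is not the paper's own implementation: it takes the payload-bearing segments of one server-to-client HTTP response from a constructed capture (segment boundaries, sequence numbers and the response text are all invented for this example), puts them back in sequence-number order, discards duplicate and overlapping retransmissions, records any gap where a segment was never captured, and then parses the resulting byte stream as an HTTP response so the transferred file can be recovered. It goes slightly beyond the abstract in that it reports missing data explicitly rather than silently concatenating what was captured, which matters when the output is to be used as evidence.

```python
"""Reorder out-of-order TCP segments and reconstruct the HTTP response they carry.

Added example; not code from the paper. The capture below is constructed.
"""
from typing import Dict, List, Tuple

Segment = Tuple[int, bytes]  # (TCP sequence number of first payload byte, payload)


def reassemble(segments: List[Segment], isn: int) -> Tuple[bytes, List[Tuple[int, int]]]:
    """Order segments by sequence number and splice them into one byte stream.

    isn is the sequence number of the first payload byte of the flow.
    Pure duplicates are dropped and the overlapping prefix of a partial
    retransmission is trimmed.  A gap (segment never captured) is recorded as
    (expected_seq, actual_seq) and the stream continues after it, so the
    investigator knows exactly which byte range of the evidence is missing.
    """
    expected = isn
    out = bytearray()
    gaps: List[Tuple[int, int]] = []
    # Longer segment first among equal seq numbers, so the shorter one is a duplicate.
    for seq, data in sorted(segments, key=lambda s: (s[0], -len(s[1]))):
        end = seq + len(data)
        if end <= expected:
            continue  # already have every byte of this segment
        if seq < expected:
            data = data[expected - seq:]  # drop the overlapping prefix
            seq = expected
        elif seq > expected:
            gaps.append((expected, seq))  # bytes [expected, seq) were never seen
        out += data
        expected = end
    return bytes(out), gaps


def parse_http_response(stream: bytes) -> Tuple[str, Dict[str, str], bytes, bool]:
    """Split a reassembled stream into status line, headers and body.

    Returns (status_line, headers, body, complete) where complete is False if
    fewer body bytes were recovered than Content-Length announces.
    """
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP header block")
    lines = head.split(b"\r\n")
    status_line = lines[0].decode("ascii", "replace")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("ascii", "replace")] = value.strip().decode("ascii", "replace")
    length = int(headers.get("content-length", len(rest)))
    return status_line, headers, rest[:length], len(rest) >= length


def build_sample_capture(isn: int = 1000) -> Tuple[List[Segment], bytes]:
    """Constructed capture: one HTTP response split into segments, delivered out of
    order, with one exact duplicate and one partially overlapping retransmission."""
    header = (b"HTTP/1.1 200 OK\r\n"
              b"Content-Type: text/plain\r\n"
              b"Content-Length: 26\r\n\r\n")
    body = b"evidence: transfer log #1\n"  # 26 bytes
    full = header + body
    c1, c2, c3 = full[:30], full[30:60], full[60:]
    overlap = full[50:70]  # retransmission straddling c2 and c3
    segments = [(isn + 60, c3), (isn, c1), (isn + 30, c2), (isn + 50, overlap), (isn + 30, c2)]
    return segments, full


if __name__ == "__main__":
    segs, _ = build_sample_capture()
    stream, gaps = reassemble(segs, 1000)
    status, headers, body, complete = parse_http_response(stream)
    print(status, headers, body, "complete" if complete else "INCOMPLETE", gaps)
```

Removing a segment from the constructed capture before calling `reassemble` shows the gap reporting: the returned gap list names the missing sequence range, which is the information an analyst needs to state how much of a recovered file is genuinely from the wire.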
Keywords
Network Forensics; Packet Reordering and Reconstruction; HTTP and FTP Session Reassembly; Pcap File