A Defensive Evidence Model: An Approach of Security Model for Storing Digital Evidence in Network Forensics

Network forensics investigators apply most of the network monitoring tools, such as Snort or WinPcap, to monitor or identify potential evidence to be collected and stored. However, these tools lack protection mechanisms to keep the evidence safe, and the rising issues of chain-of-custody...

Bibliographic Details
Main Authors: Mohd Izham, Ibrahim; Aman, Jantan; Mohammad, Rasmi
Format: Conference or Workshop Item
Language: English
Published: 2012
Subjects: QA76 Computer software
Online Access: http://umpir.ump.edu.my/id/eprint/3668/1/48ICoCSIM.pdf
http://umpir.ump.edu.my/id/eprint/3668/
Institution: Universiti Malaysia Pahang
id my.ump.umpir.3668
record_format eprints
spelling my.ump.umpir.3668 2015-03-03T08:02:31Z http://umpir.ump.edu.my/id/eprint/3668/
A Defensive Evidence Model: An Approach of Security Model for Storing Digital Evidence in Network Forensics
Mohd Izham, Ibrahim; Aman, Jantan; Mohammad, Rasmi
QA76 Computer software
Network forensics investigators apply most of the network monitoring tools, such as Snort or WinPcap, to monitor or identify potential evidence to be collected and stored. However, these tools lack protection mechanisms to keep the evidence safe, and the rising issues of chain-of-custody are not properly managed or addressed. Therefore, people with intentions may disrupt the collection process and tamper with the contents of the stored evidence. Considering these issues, this paper proposes a Defensive Evidence Model (DEM) to manage the evidence collection processes as well as to provide defensive measures to protect the evidence. Features of DEM were adapted from four security models: Bell-LaPadula, Biba, Clark-Wilson and Goguen-Meseguer Model, and integrated with the forensics investigation process. The assessment of DEM was performed from two different aspects: first by analyzing the attack, and second by evaluating the process through CIAA security requirements to determine the workability of the created model.
2012-12-03 Conference or Workshop Item PeerReviewed application/pdf en http://umpir.ump.edu.my/id/eprint/3668/1/48ICoCSIM.pdf
Mohd Izham, Ibrahim and Aman, Jantan and Mohammad, Rasmi (2012) A Defensive Evidence Model: An Approach of Security Model for Storing Digital Evidence in Network Forensics. In: International Conference on Computational Science and Information Management (ICoCSIM), 3-5 December 2012, Toba Lake, North Sumatera, Indonesia. pp. 251-258.
institution Universiti Malaysia Pahang
building UMP Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Malaysia Pahang
content_source UMP Institutional Repository
url_provider http://umpir.ump.edu.my/
language English
topic QA76 Computer software