The influence of computer technology on the human activities has greatly increased during the last three decades, which has generated considerable increase of computer crimes in computer networks. Besides that the increase of network traffic is huge, doing the analysis of traffic data complicated. In this paper a forensics network model is proposed, which allows to obtain the existing evidence in an involved TCP/IP network storage. The network flows had been subjected to attacks and intrusions and therefore an analysis will be necessary to determinate when data constitutes evidence and as consequence it can be presented to a court. Evaluation results show the desirables features of proposed scheme to reconstruct the data flow for network analysis purposes. © 2010 by Begell House, Inc.
|Original language||American English|
|Number of pages||565|
|Journal||Telecommunications and Radio Engineering (English translation of Elektrosvyaz and Radiotekhnika)|
|State||Published - 1 Jul 2010|