F-IDS: A technique for simplifying evidence collection in network forensics


Abstract

The increasing number of cybercrimes makes network forensics a very important area of study. In network forensic analysis, evidence is the crucial element of the investigation process. However, gathering evidence from a network is difficult because of the large amount of data in the network system. In addition, obtaining filtered data for analysis purposes is still a major issue for forensic professionals. To contribute to solving these problems, we propose the Forensic-based Intrusion Detection System (F-IDS), a new framework that simplifies evidence gathering from the network by utilizing mechanisms available in the structure of a general IDS. The IDS structure is examined and then enhanced so that the network packets collected by the IDS are channeled and stored for forensic analysis, and a mechanism to identify prospective evidence in the traffic is proposed. In the conducted system simulation and several tests, the system was able to recognize the expected evidence injected as test input based on the classification mechanism. © 2011 Springer-Verlag.

Citation (APA)

Saari, E., & Jantan, A. (2011). F-IDS: A technique for simplifying evidence collection in network forensics. In Communications in Computer and Information Science (Vol. 181 CCIS, pp. 693–701). https://doi.org/10.1007/978-3-642-22203-0_58
