Journal: International Journal of New Computer Architectures and their Applications
Print ISSN: 2220-9085
Year: 2011
Volume: 1
Issue: 1
Pages: 25-33
Publisher: Society of Digital Information and Wireless Communications
Abstract: Computer forensics applies the law to fight unlawful and illegitimate use of computers and networks; it employs investigation methods to solve computer crimes. Because the firewall is the single point of entry and exit of a network, it is considered the ideal location for recording network activity. Firewall log files trace all incoming and outgoing events in a network, and their content can include details about attacks and penetration attempts against the network. For this reason, firewall forensics has become a principal branch of the computer forensics field. It uses the content of firewall log files as a source of evidence to conduct an investigation aimed at identifying computer attacks. An investigation in firewall forensics consists of analyzing and interpreting the relevant information about computer attacks that is contained in firewall log files. However, the content of log files is generally cryptic and difficult to decode, and its interpretation requires qualified expertise. This paper proposes an intelligent system that automates the firewall forensics process and helps the security administrator manage, exploit and interpret the content of firewall log files. The system assists the security administrator in making suitable decisions and judgments during the investigation step.