
Article information

  • Title: GUIDELINES FOR COLLECTING AND CENTRALIZING NETWORK DIGITAL EVIDENCES
  • Authors: Mohammed Abbas ; Azizah Abdul Manaf ; Elfadil Sabeil
  • Journal: International Journal of New Computer Architectures and their Applications
  • Print ISSN: 2220-9085
  • Year of publication: 2011
  • Volume: 1
  • Issue: 2
  • Pages: 437-458
  • Publisher: Society of Digital Information and Wireless Communications
  • Abstract: Digital evidence is commonly regarded as the backbone of a forensic investigation: a reliable investigation of a breach depends on it. However, the integrity and reliability of this evidence are threatened, for example by its removal or tampering, because most equipment in a production environment is reachable by intruders, having normally been assigned an Internet Protocol (IP) address. To overcome these weaknesses, a hidden mechanism, the Honeynet Architecture, placed between the equipment and the intruders, is proposed. In this paper, the proposed mechanism for collecting and centralizing network digital evidence is first studied and investigated, and the proposed solutions are then compared in order to state the characteristics that lead to choosing the most suitable one. Secondly, a methodology for collecting and centralizing network digital evidence so as to arrive at a reliable investigation is introduced. Finally, guidelines for collecting and centralizing network digital evidence successfully are produced.

International Journal on New Computer Architectures and Their Applications (IJNCAA) 1(2): 437-458, The Society of Digital Information and Wireless Communications, 2011 (ISSN: 2220-9085), p. 438

capture all inbound and outbound network activities. Usually, our Honeynets are placed within this architecture. A Honeypot is a real system with valid services, open ports, applications and data files.

One of the key Honeynet architecture components is the Honeynet gateway, called the Honeywall operating system. The Honeywall operating system is a very significant element of the Honeynet architecture, since it captures and controls all inbound and outbound activity [3]. In reality, a traditional information technology environment consists of critical digital components such as routers, firewalls, intrusion prevention systems and operating systems used as servers in order to deliver its mission. Fig. 1 depicts an overview of the common parts of such an environment as found nowadays. Normally, this equipment is configured and assigned an Internet Protocol (IP) address, which exposes it to probing from all over the world, meaning it could be accessible to everyone from outside. This feature presents a risk to an IT environment, since it allows an attacker to bypass and circumvent the built-in security solutions in the case of a zero-day attack, because everything is detectable and known from outside.

Fig. 1. Traditional IT Infrastructure (components shown: Internet, Router, Firewall, IDS/IPS, Web Server, Log Server, Database Server).

Recently, attackers have become more intelligent about evading investigation, since they keep developing new techniques to hide or overwrite the digital traces that might lead to their being caught. One such expected crime is overwriting all operating system digital traces, firewall log files, or Intrusion Detection/Prevention System (IDS/IPS) log files, and so on [4]. Furthermore, and sometimes even worse, they use encrypted channels while conducting attacks, which makes analysis of the digital traces impossible without decryption [5]. When attacks occur, it is enormously difficult to come up with a detailed analysis of how the attack happened and then to depict what the steps were, especially against skilled
  • Keywords: Forensic guidelines; network forensics; guidelines; digital crime investigation; computer forensics; malware; botnets