Australian Digital Forensics Conference

Document Type

Conference Proceeding

Abstract

Network forensics and Network Intrusion Detection Systems (NIDS) have become so important to corporations that in many cases they have been relied upon to identify the actions of offenders and to provide sufficient details to prosecute them. Unfortunately, as data links on corporate networks have increased to saturation, more information is being missed, even though corporations have spent heavily acquiring loud, power-hungry devices to monitor their networks. A more power-efficient approach, which consumes less electricity yet provides the same or better packet inspection, is an obvious solution. This paper discusses a possible solution using a cluster of Raspberry Pis, credit-card-sized computers valued at AUD$40 each. These tiny devices (whilst individually limited in power and bandwidth) can be clustered together with economic benefits. This multi-GPU environment can inspect more data and therefore log more information for investigators. Overall, it offers easier maintenance and can therefore be kept up to date more easily. Finally, clustering many of these devices may provide corporations with a better understanding of what is occurring on their networks at a cheaper ongoing cost.

Comments

Originally published in the Proceedings of the 12th Australian Digital Forensics Conference, held on 1-3 December 2014 at Edith Cowan University, Joondalup Campus, Perth, Western Australia.


Link to publisher version (DOI)

10.4225/75/57b3e8b9fb883