Title

On Teaching TCP/IP Protocol Analysis to Computer Forensics Examiners

Document Type

Journal Article

Publisher

Taylor & Francis

Place of Publication

Philadelphia, PA

Faculty

Computing, Health and Science

School

School of Computer and Security Science

RAS ID

9065

Comments

This article was originally published as

Kessler, G. C. (2008). On Teaching TCP/IP Protocol Analysis to Computer Forensics Examiners. Journal of Digital Forensic Practice, 2(1), 43-53.

Original article available here

Abstract

Digital investigators have an increasing need to examine data network logs and traffic, either as part of criminal or civil investigations or when responding to information security incidents. To truly understand the contents of the logs and the data packets, examiners need to have a good foundation in the protocols comprising the Transmission Control Protocol/Internet Protocol (TCP/IP) suite. This paper introduces the use of protocol analyzers and packet sniffers for TCP/IP traffic, and provides examples of normal and suspect TCP/IP traffic. This paper also provides a basis for a discussion of intrusion detection and signature analysis.

 

Link to publisher version (DOI)

10.1080/15567280701805690