Title

Including network routers in forensic investigation

Document Type

Conference Proceeding

Publisher

Edith Cowan University

Faculty

Faculty of Health, Engineering and Science

School

ECU Security Research Institute

Comments

This article was originally published as: Cusack B., Lutui R. (2014). Including network routers in forensic investigation. Proceedings of the 11th Australian Digital Forensics Conference, ADF 2013. (pp. 59-70). Edith Cowan University. Original article available here

Abstract

Network forensics concerns the identification and preservation of evidence from an event that has occurred or is likely to occur. The scope of network forensics encompasses the networks, systems and devices associated with the physical and human networks. In this paper we are assessing the forensic potential of a router in investigations. A single router is taken as a case study and analysed to determine its forensic value from both static and live investigation perspectives. In the live investigation, tests using steps from two to seven routers were used to establish benchmark expectations for network variations. We find that the router has many attributes that make it a repository and a site for evidence collection. The implications of this research are for investigators and the inclusion of routers in network forensic investigations.

Access Rights

Free to access

Share

 
COinS