On Teaching TCP/IP Protocol Analysis to Computer Forensics Examiners

Document Type

Journal Article

Publisher

Taylor and Francis

Place of Publication

Philadelphia, PA

Faculty

Faculty of Computing, Health and Science

School

School of Computer and Security Science

RAS ID

9065

Comments

Kessler, G. C. (2008). On Teaching TCP/IP Protocol Analysis to Computer Forensics Examiners. Journal of Digital Forensic Practice, 2(1), 43-53.


Abstract

Digital investigators have an increasing need to examine data network logs and traffic, either as part of criminal or civil investigations or when responding to information security incidents. To truly understand the contents of the logs and the data packets, examiners need to have a good foundation in the protocols comprising the Transmission Control Protocol/Internet Protocol (TCP/IP) suite. This paper introduces the use of protocol analyzers and packet sniffers for TCP/IP traffic, and provides examples of normal and suspect TCP/IP traffic. This paper also provides a basis for a discussion of intrusion detection and signature analysis.

DOI

10.1080/15567280701805690
