Including network routers in forensic investigation
Document Type
Conference Proceeding
Publisher
Edith Cowan University
Faculty
Faculty of Health, Engineering and Science
School
ECU Security Research Institute
Abstract
Network forensics concerns the identification and preservation of evidence from an event that has occurred or is likely to occur. The scope of network forensics encompasses the networks, systems and devices associated with the physical and human networks. In this paper we assess the forensic potential of a router in investigations. A single router is taken as a case study and analysed to determine its forensic value from both static and live investigation perspectives. In the live investigation, tests using steps from two to seven routers were used to establish benchmark expectations for network variations. We find that the router has many attributes that make it a repository and a site for evidence collection. The implications of this research are for investigators and the inclusion of routers in network forensic investigations.
DOI
10.4225/75/57b3c682fb86d
Access Rights
free_to_read
Comments
Cusack B., Lutui R. (2014). Including network routers in forensic investigation. Proceedings of the 11th Australian Digital Forensics Conference, ADF 2013. (pp. 59-70). Edith Cowan University.