
Provide a challenge that forensics experts might have applying the research to an investigation.


In the attached document, read the person's response and then answer the question above.

Word count 250

One of the most exhaustive sources of data used in forensic investigation and related to security incidents such as cybercrime, online fraud and information leakages can be found in network traces. Just by observing both internal and external network traffic, forensic investigators can reconstruct events in computer security breaches and also assist in the understanding of incident root causes, including identifying liable parties. Investigations which are centered on HTTP traffic are increasingly becoming an important sphere in digital forensics since this protocol is primarily used in most client-to-server type communications. On the other hand, malicious activities and botnets are relying on this protocol for their nefarious activities due to the ubiquitous nature of the Web (Gugelmann, Gasser, Ager & Lenders, 2015).

Explain what forensic problems are being investigated and what solutions are proposed

When intrusion reports, alerts on viruses or other malicious activities are received by a security administrator, there is the need for a thorough investigation of the network traffic collected to verify whether they are real security events. The prevalence of web traffic, however, requires that details of HTTP protocols are dug into by administrators to assess the trustworthiness of the flow of network packets. Embedded images in their hundreds such as videos, images, or JavaScript code are exhibited by web pages, generating large numbers of HTTP requests when users visit websites (Gugelmann, Gasser, Ager & Lenders, 2015).

The use of a traffic analyzer known as Hviz (HTTP(S) traffic analyser) in the reconstruction and visualization of HTTP(S) traffic gathered from computer systems was presented as the solution in the research. Digital forensics is facilitated by this approach in the aggregation, structuring, and correlation of HTTP traffic to further reduce the number of events that are made available to forensic investigators. The reduction of HTTP events by Hviz is achieved by combining data aggregation methods, grouping based on domain name and heuristics that identify HTTP request pages. The tool also aids in identifying anomalies in traffic by highlighting unique traffic patterns on the specific computers being analysed (Gugelmann, Gasser, Ager & Lenders, 2015).

Explain if the problems are gaps in knowledge, limitations, and/or something else

Analyzing HTTP traffic manually without the right tool is quite a daunting task. Even a single workstation is able to generate millions of packets in a day. Whereas the individual packets from HTTP sessions can be reassembled, the number of traffic requests still poses a challenge due to the size of data gathered. The high number of requests generated from websites is due to how these sites were designed. “When a browser first loads a Web page from a server, dozens to hundreds of additional HTTP requests are triggered to download further content, such as pictures” (Pries et al, 2012 & Butkiewicz et al, 2011). This makes it quite difficult to easily identify suspicious activities.

Provide an example of how you might apply this research to forensics investigations
The sheer magnitude of data correlation and analysis required in gathering forensic evidence for network activity makes it advantageous for malicious actors. The use of the HTTP protocol, which is being used to transport malware and botnet traffic to C&C servers, has seen some significant increases (Gugelmann, Gasser, Ager & Lenders, 2015). The aim of this research therefore was to aid investigators in analysing HTTP traffic from computer networks in an effort to identify malicious activities so that:

1. Investigators could easily understand websites visited by users and
2. Recognize patterns of malicious traffic activity through large amounts of generated web requests.

For example, the tool should be able to isolate instances where activities related to HTTP traffic do not point to known websites but rather C&C sites used for malware activities.
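A simplified illustration of the event reduction described in the response above, added here and not taken from Hviz or the cited paper: it folds embedded-object requests into the page that triggered them, groups events by host per workstation, and lists hosts contacted by only one workstation. Using the Referer header to find the triggering page is an assumption of this sketch, and all workstations, hosts and records are constructed sample data.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: (workstation, requested URL, Referer header or None)
REQUESTS = [
    ("ws1", "http://news.example/", None),
    ("ws1", "http://news.example/style.css", "http://news.example/"),
    ("ws1", "http://cdn.example/logo.png", "http://news.example/"),
    ("ws1", "http://cdn.example/app.js", "http://news.example/"),
    ("ws2", "http://news.example/", None),
    ("ws2", "http://cdn.example/logo.png", "http://news.example/"),
    ("ws2", "http://mail.example/inbox", None),
    ("ws1", "http://mail.example/inbox", None),
    ("ws2", "http://198.51.100.7/update", None),
    ("ws2", "http://198.51.100.7/update", None),
    ("ws2", "http://198.51.100.7/update", None),
]


def host(url):
    """Return the host part of a URL (name or IP literal)."""
    return urlparse(url).hostname


def page_events(requests):
    """Collapse raw requests into (workstation, host) events.

    A request with a Referer is treated as an embedded object and counted
    under the referring page's host instead of becoming its own event.
    """
    events = defaultdict(lambda: {"requests": 0, "embedded": 0})
    for workstation, url, referer in requests:
        key = (workstation, host(referer) if referer else host(url))
        events[key]["requests"] += 1
        if referer:
            events[key]["embedded"] += 1
    return dict(events)


def unique_to_one_workstation(events):
    """List (host, workstation) pairs for hosts seen from a single machine."""
    seen = defaultdict(set)
    for workstation, event_host in events:
        seen[event_host].add(workstation)
    return sorted((h, next(iter(ws))) for h, ws in seen.items() if len(ws) == 1)


if __name__ == "__main__":
    events = page_events(REQUESTS)
    print(len(REQUESTS), "requests reduced to", len(events), "events")
    print("seen from one workstation only:", unique_to_one_workstation(events))
```

A host that only one machine contacts is a lead for the investigator to review, not proof of compromise; legitimate but rarely visited sites show up the same way.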