International Journal of Communications, Network and System Sciences

Volume 2, Issue 9 (December 2009)

ISSN Print: 1913-3715   ISSN Online: 1913-3723

Google-based Impact Factor: 1.39

Forensic Investigation in Communication Networks Using Incomplete Digital Evidences

PP. 857-873
DOI: 10.4236/ijcns.2009.29100

ABSTRACT

Security incidents targeting information systems have become more complex and sophisticated, and intruders might evade responsibility due to the lack of evidence to convict them. In this paper, we develop a system for Digital Forensic in Networking, called DigForNet, which is useful for analyzing security incidents and explaining the steps taken by the attackers. DigForNet combines intrusion response team knowledge with formal tools to identify the attack scenarios that have occurred and to show how the system behaves at every step in the scenario. The construction of attack scenarios is automated, and the hypothetical concept is introduced within DigForNet to compensate for missing data related to evidence or investigator knowledge. The DigForNet system supports the investigation of attack scenarios that integrate anti-investigation attacks. To exemplify the proposal, a case study is presented.

Share and Cite:

S. REKHIS, J. KRICHENE and N. BOUDRIGA, "Forensic Investigation in Communication Networks Using Incomplete Digital Evidences," International Journal of Communications, Network and System Sciences, Vol. 2 No. 9, 2009, pp. 857-873. doi: 10.4236/ijcns.2009.29100.

Copyright © 2025 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.