Forensic Analysis and Discovery System

  • 558 views
Uploaded on

 

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
558
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
6
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. LOGOF A D S FADS Prepared by: Security Research Group School of Computer Sciences Universiti Sains Malaysia
  • 2. FADS Interfaces
  • 3. FADS Interfaces
  • 4. FADS Interfaces
  • 5. Forensic Agent “ I hacked into “ Hackers, you won. ”www.malaysia.gov.my “ “I don’t have specialize tools to collect the evidences in computer network and accuse him. Pity me. ”
  • 6. “ Now I am using FADS ” server LAN Network internet Forensic Agent Evidence And Report Evidence Repository
  • 7. Server Side Client Side IDS Notification Filtering Report Analysis Send Network notification Tracer Download from Store Upload to email Get data from textpacket in host remote database file and store in .txt database and store in sandbox database sandbox database Source Destination Save filtered Filter function output and create based on user / report self define rules
  • 8. IDS Rules IDS Real Time DetectionRules Algorithm
  • 9. hard code programmingefficiency on database and computer memorymanagement from Wiresharkevidence from the server and client easy to be used in any machine
  • 10. 40%60% Snort and Wireshark Forensic Tools
  • 11. Function FADS Wireshark SnortNetwork MonitoringDoS detectionFormatted ReportMultiple DatabaseOnline repositoryReal-time notification
  • 12. Military Intelligence (MinDef)Cyber / Criminal Investigation (PDRM)MCMCSPRMBank IndustryInsurance IndustryOnline Transaction / e-Commerce / e-BusinessPrivate organization – system monitoring and forensic
  • 13. BenefitsEase network forensics investigation and cyber crimes evidences gathering.Proactive digital / network forensic systems for possible evidences database.Enhances the proof of cyber crimes related / legal processes requirement.
  • 14. International – Scientific Research Book Publication :1. Mohammad Bani Younes and Aman Jantan, “Image Encryption Using Block-Based Transformation Algorithm: Image Encryption and Decryption Process Using Block-Based Transformation Algorithm”. LAP LAMBERT Academic Publishing (October 9, 2011). ISBN-10: 3846512729, ISBN-13: 978-3846512722, Paperback: 176 pages. Language: EnglishInternational Journal and Journal Proceedings2. Abdulghani Ali Ahmed, Aman Jantan, Wan Tat Chee. 2011. SLA-Based Complementary Approach for Network Intrusion Detection. The International Journal for the Computer and Telecommunications Industry, Elsevier, ISSN: 0140-3664, Vol. 34, Issue 14, pp. 1738-1749, 1 September 2011. ISI/Scopus. Impact Factor 0.933. doi:10.1016/j.comcom.2011.03.013.3. Mohammad Rasmi, Aman Jantan, 2011. ASAS: Agile Similarity Attack Strategy Model based on Evidence Classification for Network Forensic Attack Analysis. Procedia-Computer Science Journal (ISSN: 1877-0509).4. M. Rasmi, Aman Jantan. 2011. AIA: Attack Intention Analysis Algorithm Based on D-S Theory with Causal Technique for Network Forensics - A Case Study. International Journal of Digital Content Technology and its Applications (JDCTA), ISSN: 1975-9339, Vol. 5, No. 9, pp. 230-237, September 2011. Scopus.5. Abdulghani Ali Ahmed, Aman Jantan, Wan Tat Chee. 2011. SLA-Based Complementary Approach for Network Intrusion Detection. The International Journal for the Computer and Telecommunications Industry, Elsevier, ISSN: 0140-3664, Vol. 34, Issue 14, pp. 1738-1749, 1 September 2011. ISI/Scopus. Impact Factor 0.933. doi:10.1016/j.comcom.2011.03.013.6. Mohammad Rasmi, Aman Jantan, 2011. ASAS: Agile Similarity Attack Strategy Model based on Evidence Classification for Network Forensic Attack Analysis. Procedia-Computer Science Journal (ISSN: 1877-0509).7. M. Rasmi, Aman Jantan. 2011. AIA: Attack Intention Analysis Algorithm Based on D-S Theory with Causal Technique for Network Forensics - A Case Study. International Journal of Digital Content Technology and its Applications (JDCTA), ISSN: 1975-9339, Vol. 5, No. 9, pp. 230-237, September 2011. Scopus.8. Mohd. Izham Ibrahim and Aman Jantan. 2011. A Secure Storage Model to Preserve Evidence in Network Forensics. J.M. Zain et al. (Eds.): ICSECS 2011, Part II, CCIS 180, pp. 391-402. Scopus. Springer-Link.
  • 15. 9. M. Rasmi and Aman Jantan. 2011. Attack Intention Analysis Model for Network Forensics. J.M. Zain et al. (Eds.): ICSECS 2011, Part II, CCIS 180, pp. 403-411. Scopus. Springer-Link.10. Eviyanti Saari and Aman Jantan. 2011. F-IDS: A Technique for Simplifying Evidence Collection in Network Forensics. J.M. Zain et al. (Eds.): ICSECS 2011, Part III, CCIS 181, pp. 693-701. Scopus. Springer-Link.11. Ghassan Ahmed Ali and Aman Jantan. 2011. A New Approach Based on Honeybee to Improve Intrusion Detection System Using Neural Network and Bees Algorithm. J.M. Zain et al. (Eds.): ICSECS 2011, Part III, CCIS 181, pp. 777-792. Scopus. Springer-Link.12. Mohammad Rasmi, Aman Jantan, Abdulghani Ali Ahmed. Network Forensics Attack-Analysis Model Based on Similarity of Intention. The International Conference on Computer Application and Education Technology (ICCAET, 2011), 3-4 December 2011. Beijing, China. IEEE Computer Society. Scopus.13. Abdulghani Ali, Aman Jantan, Ghassan Ahmed Ali, 2009. "A Potent Model for Unwanted Traffic Detection in QoS Network Domain.", International Journal of Digital Content Technology and its Applications - JDCTA, Volume 4, Number 2, April 2010, pp. 122-130. Scopus.14. Mohamad Fadli Zolkipli and Aman Jantan, "A Framework for Malware Detection Using Combination Technique and Signature Generation," Second International Conference on Computer Research and Development, ICCRD 2010; IEEE Computer Society, pp. 196-199. DOI 10.1109/ICCRD.2010.25. Scopus.15. Zolkipli, Mohamad Fadli and Aman Jantan. "Malware Behavior Analysis: Learning and Understanding Current Malware Threats," Network Applications Protocols and Services (NETAPPS), 2010 Second International Conference on , vol., no., pp.218-221, 22-23 Sept. 2010. DOI: 10.1109/NETAPPS.2010.46. Scopus.16. Mohamad Fadli Zolkipli, Aman Jantan. 2011. An Approach for Malware Behavior Identification and Classification. Proceedings of the 2011 3rd International Conference on Computer Research and Development (ICCRD 2011), ISBN: 978-161284837-2, Shanghai, China, pp. 191- 194, 11-15 March 2011. Scopus.17. M. Rasmi and Aman Jantan. 2011. A Model for NFAA-Network Forensics Attack Analysis. Proceedings of the 2011 3rd International Conference on Computer Engineering and Technology (ICCET 2011), ISBN: 9780791859735, Kuala Lumpur, pp. 739-747, 17-19 June 2011. Scopus.18. Mohamad Fadli Zolkipli and Aman Jantan. 2011. A Framework for Defining Malware Behavior Using Run Time Analysis and Resource Monitoring. J.M. Zain et al. (Eds.): ICSECS 2011, Part I, CCIS 179, pp. 199-209. Scopus. Springer-Link.19. Mohd. Najwadi Yusoff and Aman Jantan. 2011. A Framework for Optimizing Malware Classification by Using Genetic Algorithm. J.M. Zain et al. (Eds.): ICSECS 2011, Part II, CCIS 180, pp. 58-72. Scopus. Springer-Link.20. Mohamad Fadli Zolkipli, Aman Jantan. 2011. An Approach for Identifying Malware Operation and Target Using Run Time Analysis and Resource Monitoring. International Journal of Digital Content Technology and its Applications (JDCTA), ISSN: 1975-9339, Volume 5, Number 8, pp. 169-178, August 2011. Scopus.