FADS: Forensic Analysis and Discovery System

Prepared by:
Security Research Group
School of Computer Sciences
Universiti Sains Malaysia
FADS Interfaces
Forensic Agent

"I hacked into www.malaysia.gov.my"

"Hackers, you won."

"I don't have specialized tools to collect the evidence in the computer network and accuse him. Pity me."

"Now I am using FADS."
[Figure: deployment overview, labelled server, LAN network, internet, Forensic Agent, Evidence and Report, Evidence Repository. The Forensic Agent produces the evidence and report that go into the Evidence Repository.]
Server Side
  IDS
    - Store packet in .txt
    - Upload to host database
    - Send notification email
  Network Tracer
    - Source
    - Destination

Client Side
  Notification
  Analysis
    - Download from remote database and store in sandbox database
    - Get data from text file and store in sandbox database
  Filtering
    - Filter function based on user / self-defined rules
  Report
    - Save filtered output and create report
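The client-side pipeline above, as an added worked example that is not FADS code: a small Python stage that reads the IDS text file, stores the records in a sandbox database, applies user-defined filter rules and writes a report. It also reduces the "DoS detection" function from the tool comparison further down to one concrete rule (a per-source SYN-count threshold) and hashes the evidence file before analysis, a chain-of-custody step the slide does not describe. The record format, column names, sample records and the threshold are assumptions made for this example.

```python
"""Added example (not FADS code): a client-side pipeline in the shape the
FADS architecture describes. Record format, column names, sample data and
the SYN threshold are assumptions made for this example."""
import hashlib
import sqlite3

# Constructed sample of what the server-side IDS might write to its .txt
# evidence file. Assumed format: "timestamp src dst proto dport flag".
SAMPLE_PACKET_LOG = """\
1318000001 10.0.0.7 192.168.1.10 TCP 80 SYN
1318000001 10.0.0.7 192.168.1.10 TCP 80 SYN
1318000001 10.0.0.7 192.168.1.10 TCP 80 SYN
1318000001 10.0.0.7 192.168.1.10 TCP 80 SYN
1318000002 10.0.0.7 192.168.1.10 TCP 80 SYN
1318000002 10.0.0.7 192.168.1.10 TCP 80 SYN
1318000003 10.0.0.21 192.168.1.10 TCP 443 ACK
1318000004 10.0.0.22 192.168.1.10 UDP 53 QUERY
1318000005 10.0.0.21 192.168.1.10 TCP 22 SYN
this line is malformed and must be skipped
"""

COLUMNS = ("ts", "src", "dst", "proto", "dport", "flag")


def evidence_hash(text: str) -> str:
    """SHA-256 of the raw evidence file, taken before parsing so the report
    can be tied to exactly the bytes the server stored (a chain-of-custody
    step added here; the slide does not describe one)."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def load_sandbox(text: str) -> sqlite3.Connection:
    """'Get data from text file and store in sandbox database': parse each
    record and insert it into an in-memory SQLite database. Malformed lines
    are skipped instead of aborting the whole import."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE packets (ts INTEGER, src TEXT, dst TEXT, "
                 "proto TEXT, dport INTEGER, flag TEXT)")
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[0].isdigit() or not parts[4].isdigit():
            continue
        ts, src, dst, proto, dport, flag = parts
        rows.append((int(ts), src, dst, proto, int(dport), flag))
    conn.executemany("INSERT INTO packets VALUES (?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def apply_rules(conn: sqlite3.Connection, rules: dict) -> dict:
    """'Filter function based on user / self-defined rules'. A rule is
    {name: {column: value, ...}}; column names are checked against the
    schema and values are bound as parameters, so a rule file cannot
    inject SQL into the sandbox database."""
    results = {}
    for name, predicate in rules.items():
        unknown = set(predicate) - set(COLUMNS)
        if unknown:
            raise ValueError(f"rule {name!r}: unknown column(s) {sorted(unknown)}")
        where = " AND ".join(f"{col} = ?" for col in predicate) or "1 = 1"
        sql = f"SELECT {', '.join(COLUMNS)} FROM packets WHERE {where}"
        results[name] = conn.execute(sql, tuple(predicate.values())).fetchall()
    return results


def detect_syn_flood(conn: sqlite3.Connection, threshold: int = 5) -> list:
    """One concrete 'DoS detection' rule: any source that sent more than
    `threshold` SYNs to the same destination in the captured window."""
    sql = ("SELECT src, dst, COUNT(*) AS n FROM packets WHERE flag = 'SYN' "
           "GROUP BY src, dst HAVING n > ? ORDER BY n DESC")
    return conn.execute(sql, (threshold,)).fetchall()


def build_report(text: str, rules: dict, threshold: int = 5):
    """'Save filtered output and create report': returns the report text
    plus the raw findings so callers can check them programmatically."""
    conn = load_sandbox(text)
    loaded = conn.execute("SELECT COUNT(*) FROM packets").fetchone()[0]
    matches = apply_rules(conn, rules)
    floods = detect_syn_flood(conn, threshold)
    conn.close()
    lines = [f"evidence sha256: {evidence_hash(text)}",
             f"records loaded: {loaded}"]
    for name, rows in matches.items():
        lines.append(f"rule {name}: {len(rows)} match(es)")
        lines.extend("  " + " ".join(str(v) for v in row) for row in rows)
    for src, dst, n in floods:
        lines.append(f"possible SYN flood: {src} -> {dst} ({n} SYNs)")
    return "\n".join(lines), matches, floods


if __name__ == "__main__":
    user_rules = {"dns": {"proto": "UDP", "dport": 53}, "ssh": {"dport": 22}}
    print(build_report(SAMPLE_PACKET_LOG, user_rules)[0])
```

The rules are data, not SQL fragments, for a reason: an analyst's rule file is untrusted input to the sandbox database, and whitelisting columns plus binding values is what keeps a hostile rule from altering the evidence it is meant to filter. The hash line at the top of the report is what you would compare against the copy still on the server before presenting the report as evidence.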
IDS and Rules
  IDS   : Real Time Detection
  Rules : Algorithm

  - hard-coded programming
  - efficiency in database and computer memory management (from Wireshark)
  - evidence from the server and client
  - easy to use on any machine
[Chart: 40% / 60% split between "Snort and Wireshark" and "Forensic Tools".]
Comparison of functions between FADS, Wireshark and Snort:
  - Network Monitoring
  - DoS detection
  - Formatted Report
  - Multiple Database
  - Online repository
  - Real-time notification
  - Military Intelligence (MinDef)
  - Cyber / Criminal Investigation (PDRM)
  - MCMC
  - SPRM
  - Bank Industry
  - Insurance Industry
  - Online Transaction / e-Commerce / e-Business
  - Private organization: system monitoring and forensics
Benefits

  - Eases network forensics investigation and cyber crime evidence gathering.
  - Proactive digital / network forensic system that builds a database of possible evidence.
  - Strengthens the proof of cyber crimes for related legal process requirements.
International Scientific Research Book Publication:
1. Mohammad Bani Younes and Aman Jantan, "Image Encryption Using Block-Based Transformation Algorithm: Image Encryption and
   Decryption Process Using Block-Based Transformation Algorithm". LAP LAMBERT Academic Publishing (October 9, 2011). ISBN-10:
   3846512729, ISBN-13: 978-3846512722, Paperback: 176 pages. Language: English.

International Journals and Conference Proceedings:
2. Abdulghani Ali Ahmed, Aman Jantan, Wan Tat Chee. 2011. SLA-Based Complementary Approach for Network Intrusion Detection. The
   International Journal for the Computer and Telecommunications Industry, Elsevier, ISSN: 0140-3664, Vol. 34, Issue 14, pp. 1738-1749, 1
   September 2011. ISI/Scopus. Impact Factor 0.933. doi:10.1016/j.comcom.2011.03.013.
3. Mohammad Rasmi, Aman Jantan. 2011. ASAS: Agile Similarity Attack Strategy Model based on Evidence Classification for Network Forensic
   Attack Analysis. Procedia Computer Science (ISSN: 1877-0509).
4. M. Rasmi, Aman Jantan. 2011. AIA: Attack Intention Analysis Algorithm Based on D-S Theory with Causal Technique for Network Forensics -
   A Case Study. International Journal of Digital Content Technology and its Applications (JDCTA), ISSN: 1975-9339, Vol. 5, No. 9, pp. 230-237,
   September 2011. Scopus.
5. Mohd. Izham Ibrahim and Aman Jantan. 2011. A Secure Storage Model to Preserve Evidence in Network Forensics. J.M. Zain et al. (Eds.):
   ICSECS 2011, Part II, CCIS 180, pp. 391-402. Scopus. SpringerLink.
6. M. Rasmi and Aman Jantan. 2011. Attack Intention Analysis Model for Network Forensics. J.M. Zain et al. (Eds.): ICSECS 2011, Part
   II, CCIS 180, pp. 403-411. Scopus. SpringerLink.
7. Eviyanti Saari and Aman Jantan. 2011. F-IDS: A Technique for Simplifying Evidence Collection in Network Forensics. J.M. Zain et al. (Eds.):
   ICSECS 2011, Part III, CCIS 181, pp. 693-701. Scopus. SpringerLink.
8. Ghassan Ahmed Ali and Aman Jantan. 2011. A New Approach Based on Honeybee to Improve Intrusion Detection System Using Neural
   Network and Bees Algorithm. J.M. Zain et al. (Eds.): ICSECS 2011, Part III, CCIS 181, pp. 777-792. Scopus. SpringerLink.
9. Mohammad Rasmi, Aman Jantan, Abdulghani Ali Ahmed. 2011. Network Forensics Attack-Analysis Model Based on Similarity of Intention. The
   International Conference on Computer Application and Education Technology (ICCAET 2011), 3-4 December 2011, Beijing, China. IEEE
   Computer Society. Scopus.
10. Abdulghani Ali, Aman Jantan, Ghassan Ahmed Ali. 2009. "A Potent Model for Unwanted Traffic Detection in QoS Network
    Domain." International Journal of Digital Content Technology and its Applications (JDCTA), Volume 4, Number 2, April 2010, pp. 122-130.
    Scopus.
11. Mohamad Fadli Zolkipli and Aman Jantan. 2010. "A Framework for Malware Detection Using Combination Technique and Signature Generation."
    Second International Conference on Computer Research and Development (ICCRD 2010), IEEE Computer Society, pp. 196-199. DOI:
    10.1109/ICCRD.2010.25. Scopus.
12. Mohamad Fadli Zolkipli and Aman Jantan. 2010. "Malware Behavior Analysis: Learning and Understanding Current Malware Threats." Network
    Applications Protocols and Services (NETAPPS), 2010 Second International Conference on, pp. 218-221, 22-23 Sept. 2010. DOI:
    10.1109/NETAPPS.2010.46. Scopus.
13. Mohamad Fadli Zolkipli, Aman Jantan. 2011. An Approach for Malware Behavior Identification and Classification. Proceedings of the 2011 3rd
    International Conference on Computer Research and Development (ICCRD 2011), ISBN: 978-161284837-2, Shanghai, China, pp. 191-194,
    11-15 March 2011. Scopus.
14. M. Rasmi and Aman Jantan. 2011. A Model for NFAA: Network Forensics Attack Analysis. Proceedings of the 2011 3rd International
    Conference on Computer Engineering and Technology (ICCET 2011), ISBN: 9780791859735, Kuala Lumpur, pp. 739-747, 17-19 June 2011.
    Scopus.
15. Mohamad Fadli Zolkipli and Aman Jantan. 2011. A Framework for Defining Malware Behavior Using Run Time Analysis and Resource
    Monitoring. J.M. Zain et al. (Eds.): ICSECS 2011, Part I, CCIS 179, pp. 199-209. Scopus. SpringerLink.
16. Mohd. Najwadi Yusoff and Aman Jantan. 2011. A Framework for Optimizing Malware Classification by Using Genetic Algorithm. J.M. Zain et
    al. (Eds.): ICSECS 2011, Part II, CCIS 180, pp. 58-72. Scopus. SpringerLink.
17. Mohamad Fadli Zolkipli, Aman Jantan. 2011. An Approach for Identifying Malware Operation and Target Using Run Time Analysis and
    Resource Monitoring. International Journal of Digital Content Technology and its Applications (JDCTA), ISSN: 1975-9339, Volume 5, Number
    8, pp. 169-178, August 2011. Scopus.

Forensic Analysis and Discovery System
