Network Forensic Investigation Protocol to Identify True Origin of Cyber Crime
An increase in digitization is giving rise to cybercrimes. The existing network protocols are insufficient for collecting the required digital evidence of cybercrime, which eventually makes the process of forensic investigation difficult. In the current scenario of network forensics, the investigato...
Main Authors: | Rachana Y. Patil, Satish R. Devane |
---|---|
Format: | Article |
Language: | English |
Published: | Elsevier 2022-05-01 |
Series: | Journal of King Saud University: Computer and Information Sciences |
Subjects: | |
Online Access: | http://www.sciencedirect.com/science/article/pii/S1319157819311103 |
_version_ | 1818138909736960000 |
---|---|
author | Rachana Y. Patil, Satish R. Devane |
collection | DOAJ |
description | An increase in digitization is giving rise to cybercrimes. The existing network protocols are insufficient for collecting the required digital evidence of cybercrime, which eventually makes the process of forensic investigation difficult. In the current scenario of network forensics, the investigator with current capabilities can reach only up to the ISP. This is not primary evidence. Currently, available tools work only at the network layer. In this work, we propose a protocol that ensures tracking up to the true source by collecting beforehand forensically sound evidence. The proposed protocol can collect target data from the device in the form of a device fingerprint with the help of an agent process. The proposed methodology will help in proving non-repudiation, which is a well-known challenge in forensic cases. The fingerprint evidence generated by the proposed method has the capability of not getting obsolete even if the criminal tries to destroy evidence. The fingerprinting technique deployed uses a hash tree and generates evidence in such a way that this fingerprint can act as legal evidence. The security validation of the proposed system is done using the BAN logic. Formal verification is performed using the AVISPA tool. The system has been implemented as a prototype and hosted on AWS. |
first_indexed | 2024-12-11T10:19:41Z |
format | Article |
id | doaj.art-b215e23840a34990a54b966f81a8436d |
institution | Directory Open Access Journal |
issn | 1319-1578 |
language | English |
last_indexed | 2024-12-11T10:19:41Z |
publishDate | 2022-05-01 |
publisher | Elsevier |
record_format | Article |
series | Journal of King Saud University: Computer and Information Sciences |
spelling | doaj.art-b215e23840a34990a54b966f81a8436d; 2022-12-22T01:11:30Z; eng; Elsevier; Journal of King Saud University: Computer and Information Sciences; ISSN 1319-1578; 2022-05-01; vol. 34, no. 5, pp. 2031-2044; Network Forensic Investigation Protocol to Identify True Origin of Cyber Crime; Rachana Y. Patil (A.C.Patil College of Engineering, Kharghar, 410210 Navi Mumbai, India; corresponding author); Satish R. Devane (Datta Meghe College of Engineering, Airoli, 400708 Navi Mumbai, India); http://www.sciencedirect.com/science/article/pii/S1319157819311103; Network forensics, Cybercrime, Digital evidence, Device fingerprint, AVISPA, Security attacks |
title | Network Forensic Investigation Protocol to Identify True Origin of Cyber Crime |
topic | Network forensics, Cybercrime, Digital evidence, Device fingerprint, AVISPA, Security attacks |
url | http://www.sciencedirect.com/science/article/pii/S1319157819311103 |