Publication detail
MATOUŠEK, P. PLUSKAL, J. RYŠAVÝ, O. VESELÝ, V. KMEŤ, M. KARPÍŠEK, F. VYMLÁTIL, M.
Original title
Advanced Techniques for Reconstruction of Incomplete Network Data
Type
journal article in Web of Science, Jimp
Language
English
Original abstract
Network forensics is a method of obtaining and analysing digital evidences from network sources. Network forensics includes data acquisition, selection, processing, analysis and presentation to investigators. Due to high volumes of transmitted data the acquired information can be incomplete, corrupted, or disordered which makes further reconstruction difficult. In this paper, we address the issue of advanced parsing and reconstruction of incomplete, corrupted, or disordered data packets. We introduce a technique that recovers TCP or UDP conversations so they could be further analysed by application parsers. Presented technique is implemented in a new network forensics tool called NetFox.Detective. We also discuss current challenges in parsing webmail communication, SSL decryption and Bitcoins detection.
Keywords
network forensics tools, TCP reassembling, traffic reconstruction, webmail, bitcoin, SSL encryption
Authors
MATOUŠEK, P.; PLUSKAL, J.; RYŠAVÝ, O.; VESELÝ, V.; KMEŤ, M.; KARPÍŠEK, F.; VYMLÁTIL, M.
RIV year
2015
Published
10. 10. 2015
ISSN
1867-8211
Periodical
Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering
Volume
Number
157
Country
Netherlands
Pages from
69
Pages to
84
Number of pages
16
URL
http://link.springer.com/chapter/10.1007/978-3-319-25512-5_6
BibTex
@article{BUT119835,
  author="Petr {Matoušek} and Jan {Pluskal} and Ondřej {Ryšavý} and Vladimír {Veselý} and Martin {Kmeť} and Filip {Karpíšek} and Martin {Vymlátil}",
  title="Advanced Techniques for Reconstruction of Incomplete Network Data",
  journal="Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering",
  year="2015",
  volume="2015",
  number="157",
  pages="69--84",
  doi="10.1007/978-3-319-25512-5{\_}6",
  issn="1867-8211",
  url="http://link.springer.com/chapter/10.1007/978-3-319-25512-5_6"
}