Analysis of firewall log-based detection scenarios for evidence in digital forensics

dc.contributor.authorMukhtar, R
dc.contributor.authorAl-Nemrat, A
dc.contributor.authorAlazab, Mamoun
dc.contributor.authorVenkatraman, S
dc.contributor.authorJahankhani, H
dc.date.accessioned2015-12-13T22:19:33Z
dc.date.issued2012
dc.date.updated2016-02-24T09:03:50Z
dc.description.abstractWith the recent escalating rise in cybercrime, firewall logs have attained much research focus in assessing their capability to serve as excellent evidence in digital forensics. Even though the main aim of firewalls is to screen or filter part or all network traffic, firewall logs could provide rich traffic information that could be used as evidence to prove or disprove the occurrence of online attack events for legal purposes. Since courts have a definition of what could be presented to it as evidence, this research investigates on the determinants for the acceptability of firewall logs as suitable evidence. Two commonly used determinants are tested using three different firewall-protected network scenarios. These determinants are: 1 admissibility that requires the evidence to satisfy certain legal requirements stipulated by the courts 2 weight that represents the sufficiency and extent to which the evidence convinces the establishment of cybercrime attack.
dc.identifier.issn1751-911X
dc.identifier.urihttp://hdl.handle.net/1885/71865
dc.publisherInderscience Publishers
dc.sourceInternational Journal of Electronic Security and Digital Forensics
dc.subjectKeywords: Cybercrime; Digital evidence; Digital forensic; Firewall log; Forensic analysis; Legal requirements; Network scenario; Network traffic; Traffic information; Computer crime; Electronic crime countermeasures; Computer system firewalls cybercrime; Digital evidence; Firewall log; Forensic analysis
dc.titleAnalysis of firewall log-based detection scenarios for evidence in digital forensics
dc.typeJournal article
local.bibliographicCitation.issue4
local.bibliographicCitation.lastpage279
local.bibliographicCitation.startpage261
local.contributor.affiliationMukhtar, R, University of East London
local.contributor.affiliationAl-Nemrat, A, University of East London
local.contributor.affiliationAlazab, Mamoun, College of Asia and the Pacific, ANU
local.contributor.affiliationVenkatraman, S, University of Ballarat
local.contributor.affiliationJahankhani, H, University of East London
local.contributor.authoremailu5216926@anu.edu.au
local.contributor.authoruidAlazab, Mamoun, u5216926
local.description.embargo2037-12-31
local.description.notesImported from ARIES
local.identifier.absfor080303 - Computer System Security
local.identifier.absfor160299 - Criminology not elsewhere classified
local.identifier.absseo940402 - Crime Prevention
local.identifier.absseo970108 - Expanding Knowledge in the Information and Computing Sciences
local.identifier.ariespublicationf5625xPUB2922
local.identifier.citationvolume4
local.identifier.doi10.1504/IJESDF.2012.049761
local.identifier.scopusID2-s2.0-84867750846
local.identifier.uidSubmittedByf5625
local.type.statusPublished Version

Downloads

Original bundle

Now showing 1 - 1 of 1
No Thumbnail Available
Name:
01_Mukhtar_Analysis_of_firewall_log-based_2012.pdf
Size:
404.53 KB
Format:
Adobe Portable Document Format
Back to topicon-arrow-up-solid
 
APRU
IARU
 
edX
Group of Eight Member

Acknowledgement of Country

The Australian National University acknowledges, celebrates and pays our respects to the Ngunnawal and Ngambri people of the Canberra region and to all First Nations Australians on whose traditional lands we meet and work, and whose cultures are among the oldest continuing cultures in human history.


Contact ANUCopyrightDisclaimerPrivacyFreedom of Information

+61 2 6125 5111 The Australian National University, Canberra

TEQSA Provider ID: PRV12002 (Australian University) CRICOS Provider Code: 00120C ABN: 52 234 063 906