An Intelligent System for Decision Making in Firewall Forensics

  • Conference paper
Digital Information and Communication Technology and Its Applications (DICTAP 2011)

Abstract

Firewall log files record every incoming and outgoing event in a network, and their content can include details about network penetration attempts and attacks. For this reason, firewall forensics has become a principal branch of the computer forensics field. It uses the content of firewall log files as a source of evidence and conducts an investigation to identify and resolve computer attacks. The investigation in firewall forensics is a very delicate procedure: it consists of analyzing and interpreting the relevant information contained in firewall log files to confirm or refute the occurrence of an attack. But log file content is obscure and difficult to decode, and its analysis and interpretation require qualified expertise. This paper presents an intelligent system that automates the firewall forensics process and helps in managing, analyzing and interpreting the content of firewall log files. The system assists the security administrator in making suitable decisions and judgments during the investigation step.

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bensefia, H., Ghoualmi, N. (2011). An Intelligent System for Decision Making in Firewall Forensics. In: Cherifi, H., Zain, J.M., El-Qawasmeh, E. (eds) Digital Information and Communication Technology and Its Applications. DICTAP 2011. Communications in Computer and Information Science, vol 166. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21984-9_40

  • DOI: https://doi.org/10.1007/978-3-642-21984-9_40

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21983-2

  • Online ISBN: 978-3-642-21984-9
