The design of a logical traffic isolation forensic model

Dlamini and Olivier

2009

Citation information

I. Z. Dlamini and M. S. Olivier. “The design of a logical traffic isolation forensic model”. In: Proceedings of the ISSA 2009 Conference. Ed. by H. S. Venter, M. Coetzee, and L. Labuschagne. (Research in progress paper, published electronically). Johannesburg, South Africa, July 2009.

Abstract

The network evidence currently presented in a court of law is often insufficient for prosecution purposes due to a loss of packets during the network transmission. Such packet loss may be caused by the congestion of data transmitted over the network, which only serves to further compound the delay in data transmission. The paper in hand extends the earlier work done on a forensic model for traffic isolation based on Differentiated Services (DiffServ). The logical traffic isolation (LTI) forensic model intends to solve the packet loss problem that may cause evidence to be insufficient. It isolates suspicious traffic from the normal flow by placing it on a dedicated route using DiffServ prioritising characteristics that avoid congestion of the suspicious traffic. The LTI model further includes a preservation station that serves to record all suspicious traffic before it is forwarded to its destination. This paper focuses on the analysis and design of the LTI model. An attempt is made to design a more flexible and reliable system — with a minimal loss of evidence — by incorporating some of the design algorithms.

Full text

A pre- or postprint of the publication is available at https://mo.co.za/open/isolationmodel.pdf.

BibTeX reference

@inproceedings(isolationmodel,
author={Innocentia Z Dlamini and Martin S Olivier},
title={The design of a logical traffic isolation forensic model},
editor={Hein S Venter and Marijke Coetzee and Les Labuschagne},
booktitle={Proceedings of the ISSA 2009 Conference},
address={Johannesburg, South Africa},
month=jul,
year={2009},
note={(Research in progress paper, published electronically)} )