Browser unable to execute script; please use the site map to navigate the site.

Network Forensics in a Clean-slate Internet Architecture

Strauss and Olivier


(Citation)Citation information

T. Strauss and M. S. Olivier. “Network Forensics in a Clean-slate Internet Architecture”. In: Proceedings of the 2011 Information Security for South Africa (ISSA 2011) Conference. Ed. by H. S. Venter, M. Coetzee, and M. Loock. (Published electronically). Aug. 2011


This paper reflects on the network forensic implication of a specific clean-slate future internetwork architecture. The paper first provides an overview of the architecture and how it compares to the well-established TCP/IP model. The architecture’s network forensic features are then considered.

The architecture’s approach to naming and addressing fundamentally differs from the approach used in the current Internet. Great care is taken to distinguish between names and addresses. Names are used to identify entities and generally have a large scope. Addresses, however, are used to locate entities within a limited scope and are consequently not necessarily globally significant. These properties in particular create additional challenges when capturing and analysing network traffic as evidence.

The paper shows that the architecture is well-suited for a distributed systems approach to forensics and that the network architecture increases the potential sources of reliable evidence.

(Full text)Full text

A pre- or postprint of the publication is available at

(BibTeX record)BibTeX reference

title={Network Forensics in a Clean-slate Internet Architecture},
author={Tinus Strauss and Martin S Olivier},
editor={Hein S Venter and Marijke Coetzee and Marianne Loock},
booktitle={Proceedings of the 2011 Information Security for South Africa (ISSA 2011) Conference},
note={(Published electronically)} )