Agent-based forensic investigations with an integrated framework.

Buchanan, William J, Graves, Jamie, Saliou, Lionel, Sebea, A L and Migas, Nikos (2005) Agent-based forensic investigations with an integrated framework. In: 4th European Conference of Information Warfare and Security, 11th-12th July 2005, University of Glamorgan, UK.

Available under License Creative Commons Attribution Non-commercial.


    Forensic investigations can be flawed for many reasons: for example, they can lack any real evidence of an incident. It can also be the case that the legal rights of an individual have been breached, or that the steps taken in the investigation cannot be verified. This paper outlines an integrated framework both for data gathering, using mobile and static agents, and for the creation of a data gathering system which logs data in a verifiable and open way. Forensic information which is gathered over a network is often more verifiable than host-based data gathering. The framework for logging data for future investigations uses a formal approach where a forensics policy is defined, which is then compiled into an implementation which can run on agent systems, such as SNMP agents and IDS (Intrusion Detection System) agents. The paper also proposes a system which uses mobile and static agents to formalize the investigation process. This should produce investigations which can be verified, which are programmed with the expertise of an investigator, and which also contain legal and moral programming to constrain the limits of a forensic investigation.

    Item Type: Conference or Workshop Item (Paper)
    Uncontrolled Keywords: Agents; mobile agents; intrusion detection; SNMP; integrated framework;
    University Divisions/Research Centres: Faculty of Engineering, Computing and Creative Industries > School of Computing
    Dewey Decimal Subjects: 000 Computer science, information & general works > 000 Computer science, knowledge & systems > 005 Computer programming, programs & data > 005.8 Data security
    Library of Congress Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
    Item ID: 3953
    Depositing User: Professor Bill Buchanan
    Date Deposited: 23 Dec 2010 12:51
    Last Modified: 18 Jun 2012 14:15

    Edinburgh Napier University is a registered Scottish charity. Registration number SC018373