Agent-based Forensic Investigations with an Integrated Framework

Buchanan, W., Graves, J., Saliou, L., Migas, N. (2005). Agent-based Forensic Investigations with an Integrated Framework. In: Hutchinson, W. (Ed.), 4th European Conference on Information Warfare and Security (pp. 47-52). Glamorgan, United Kingdom: Academic Conferences International.


ISBN: 1-905305-02-8

Abstract

Forensic investigations can be flawed for many reasons, such as a lack of any real evidence of an incident. It can also be the case that the legal rights of an individual have been breached, or that the steps taken in the investigation cannot be verified. This paper outlines an integrated framework for data gathering, using mobile and static agents, and for the creation of a data gathering system which logs data in a verifiable and open way. Forensic information gathered over a network is often more verifiable than host-based data gathering. The framework for logging data for future investigations uses a formal approach in which a forensics policy is defined and then compiled into an implementation which can run on agent systems, such as SNMP agents and IDS (Intrusion Detection System) agents. The paper also proposes a system which uses mobile and static agents to formalize the investigation process. This should produce investigations which can be verified, which are programmed with the expertise of an investigator, and which also contain legal and moral programming to constrain the limits of a forensic investigation.

Authors

William Buchanan
Director of CDCS
w.buchanan@napier.ac.uk
+44 131 455 2759
Jamie Graves
Affiliate Research Fellow
j.graves@napier.ac.uk
+44 131 455

Areas of Expertise

Cyber-Security
Electronic information now plays a vital role in almost every aspect of our daily lives, so the need for a secure and trustworthy online infrastructure is more important than ever. Without it, not only the growth of the internet but our personal interactions and the economy itself could be at risk.
