Publication detail
Advanced Techniques for Reconstruction of Incomplete Network Data
Pluskal Jan, Ing., Ph.D. (UIFS FIT VUT)
Ryšavý Ondřej, doc. Ing., Ph.D. (UIFS FIT VUT)
Veselý Vladimír, Ing., Ph.D. (UIFS FIT VUT)
Kmeť Martin, Ing. (UIFS FIT VUT)
Karpíšek Filip, Ing. (UIFS FIT VUT)
Vymlátil Martin, Ing. (FIT VUT)
network forensic analysis, tools, TCP reassembling, traffic reconstruction, webmail, bitcoins, SSL encryption
Network forensics is a method of obtaining and analysing digital evidence from network sources. Network forensics includes data acquisition, selection, processing, analysis and presentation to investigators. Due to the high volumes of transmitted data, the acquired information can be incomplete, corrupted, or disordered, which makes further reconstruction difficult. In this paper, we address the issue of advanced parsing and reconstruction of incomplete, corrupted, or disordered data packets. We introduce a technique that recovers TCP or UDP conversations so that they can be further analysed by application parsers. The presented technique is implemented in a new network forensics tool called NetFox.Detective. We also discuss current challenges in parsing webmail communication, SSL decryption and Bitcoin detection.
@ARTICLE{FITPUB10864,
  author   = "Petr Matou\v{s}ek and Jan Pluskal and Ond\v{r}ej Ry\v{s}av\'{y} and Vladim\'{i}r Vesel\'{y} and Martin Kme\v{t} and Filip Karp\'{i}\v{s}ek and Martin Vyml\'{a}til",
  title    = "Advanced Techniques for Reconstruction of Incomplete Network Data",
  pages    = "69--84",
  journal  = "Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering",
  volume   = 2015,
  number   = 157,
  year     = 2015,
  ISSN     = "1867-8211",
  doi      = "10.1007/978-3-319-25512-5\_6",
  language = "english",
  url      = "https://www.fit.vut.cz/research/publication/10864"
}