Computer Security Meets Digital and Network Forensics: New Ideas in Forensically Sound Adaptive Security
Source: University of South Australia
Substantial developments in security for computers and networks have happened in recent times. This progress has been marked by an increase in the range of novel protocols, novel encryption algorithms and smarter firewalls amongst other characteristics. Given the increasing requirements by the law, the paper suggests that security systems need built-in forensic capabilities. It elaborates how anti-virus tools take logs, botnet attacks result in traffic log generation and real-time traceback, and, threats are progressively assessed whilst they progress through the system. And how all this happens with correlation and simultaneous occurrence of forensic storage. The paper puts forth the value of uniting Network Forensics and security as an 'Intersection'. It offers detailed discussions on the use of these separate tools. It suggests that an understanding of these offers much potential for the provision of increased network security in the future. It also suggests that such understanding could offer many insights into data leakage and incoming attacks. It suggests integrity, confidentiality, forensic compliance and availability requirements as challenges for the development of new security tools. The paper discusses "Life-of-data" forensics, defining it as occurring where data is encapsulated forensically once it is within the policy domain. It recommends that the 'Intersection' concept needs to retain forensic integrity between domains at hand-off points. The paper also draws relevant parallels.