Intrusion Detection Systems and a View to Its Forensic Applications

Traditional computer security has often emphasised prevention, and to a lesser degree, the detection of system security violations. However, it is recognised that the forensic aspect to the overall model of computer security is equally as important. The area of computer forensics lends itself heavily to the response of a criminal violation that has already occurred on a system. This paper views a forensic application within the framework of Intrusion Detection and details work accomplished on a prototype anomaly Intrusion Detection system.