Provided by: University of Peloponnese
Date Added: Jan 2014
Discovering the causes of incorrect behavior in large networks is often difficult. This difficulty is compounded when some machines in the network are compromised, since these compromised machines may use deception or tamper with data to frustrate forensic analysis. Recently proposed forensic tools enable administrators to learn the causes of some system states in a partially compromised network, but these tools are inherently unable to observe covert communication between compromised nodes or detect attempts to exfiltrate sensitive data.