Enabling Non-Expert Analysis of Large Volumes of Intercepted Network Traffic - Advances in Digital Forensics XIV
Conference Papers, Year: 2018

Enabling Non-Expert Analysis of Large Volumes of Intercepted Network Traffic

Abstract

Telecommunications wiretaps are commonly used by law enforcement in criminal investigations. While phone-based wiretapping has seen considerable success, the same cannot be said for Internet taps. Large portions of intercepted Internet traffic are often encrypted, making it difficult to obtain useful information. The advent of the Internet of Things further complicates network wiretapping. In fact, the current level of complexity of intercepted network traffic is almost at the point where data cannot be analyzed without the active involvement of experts. Additionally, investigations typically focus on analyzing traffic in chronological order and predominantly examine the data content of the intercepted traffic. This approach is overly arduous when the amount of data to be analyzed is very large. This chapter describes a novel approach for analyzing large amounts of intercepted network traffic based on traffic metadata. The approach significantly reduces the analysis time and provides useful insights and information to non-technical investigators. The approach is evaluated using a large sample of network traffic data.
Origin: Files produced by the author(s)

Dates and versions

hal-01988846, version 1 (22-01-2019)

Cite

Erwin van De Wiel, Mark Scanlon, Nhien-An Le-Khac. Enabling Non-Expert Analysis of Large Volumes of Intercepted Network Traffic. 14th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2018, New Delhi, India. pp.183-197, ⟨10.1007/978-3-319-99277-8_11⟩. ⟨hal-01988846⟩